
All Question 1/790


An online photo application lets users upload photos and perform image editing operations. The application offers two classes of service: free and paid. Photos submitted by paid users are processed before those submitted by free users. Photos are uploaded to Amazon S3 and the job information is sent to Amazon SQS.

Which configuration should a solutions architect recommend?

A. Use one SQS FIFO queue. Assign a higher priority to the paid photos so they are processed first.

All Question 2/790


A company recently migrated a message processing system to AWS. The system receives messages into an ActiveMQ queue running on an Amazon EC2 instance. Messages are processed by a consumer application running on Amazon EC2. The consumer application processes the messages and writes results to a MySQL database running on Amazon EC2. The company wants this application to be highly available with low operational complexity.

Which architecture offers the HIGHEST availability?

D. Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an Auto Scaling group for the consumer EC2 instances across two Availability Zones. Use Amazon RDS for MySQL with Multi-AZ enabled.

All Question 3/790


A company has an application workflow that uses an AWS Lambda function to download and decrypt files from Amazon S3.

These files are encrypted using AWS Key Management Service Customer Master Keys (AWS KMS CMKs).

A solutions architect needs to design a solution that will ensure the required permissions are set correctly.

Which combination of actions accomplish this? (Select TWO)

B. Grant the decrypt permission for the Lambda IAM role in the KMS key's policy.
E. Create a new IAM role with the kms decrypt permission and attach the execution role to the Lambda function.

All Question 4/790


A company has three VPCs named Development, Testing, and Production in the us-east-1 Region. The three VPCs need to be connected to an on-premises data center and are designed to be separate to maintain security and prevent any resource sharing. A solutions architect needs to find a scalable and secure solution.

What should the solutions architect recommend?

B. Create VPC peers from all the VPCs to the Production VP
C. Use an AWS Direct Connect connection from the Production VPC back to the data center.

All Question 5/790


A gaming company is using Amazon DynamoDB to run a high–score leaderboard and record the game progress for users. The company is launching a new game that is expected to be active for years.

The database activity at launch cannot be predicted; but it is expected to stabilize after 4 weeks. Currently, the company is using on–demand capacity mode for processing reads and writes on all DynamoDB tables.

What is the MOST cost–effective way for the company to control the DynamoDB capacity during the new game launch?

D. Use on-demand mode for the game launch, switch to provisioned capacity mode after 4 weeks and then purchase DynamoDB reserved capacity

All Question 6/790


A company is migrating to the AWS Cloud. A file server is the first workload to migrate. Users must be able to access the file share using the Server Message Block (SMB) protocol. Which AWS managed service meets these requirements?

C. Amazon FSx
Amazon FSx for Windows File Server provides fully managed, highly reliable file storage that is accessible over the industry-standard Server Message Block (SMB) protocol. Amazon FSx is built on Windows Server and provides a rich set of administrative features that include end-user file restore, user quotas, and Access Control Lists (ACLs). Additionally, Amazon FSx for Windows File Server supports Distributed File System Replication (DFSR) in both Single-AZ and Multi-AZ deployments as can be seen in the feature comparison table below.
CORRECT: "Amazon FSx" is the correct answer.
INCORRECT: "Amazon Elastic Block Store (EBS)" is incorrect. EFS and EBS are not good use cases for this solution. Neither storage solution is capable of presenting Amazon S3 objects as files to the application.
INCORRECT: "Amazon EC2" is incorrect as no SMB support.
INCORRECT: "Amazon S3" is incorrect as this is not a suitable replacement for a Microsoft filesystem.

All Question 7/790


A company provides an online service for posting video content and transcoding it for use by any mobile platform. The application architecture uses Amazon Elastic File System (Amazon EFS) Standard to collect and store the videos so that multiple Amazon EC2 Linux instances can access the video content for processing. As the popularity of the service has grown over time, the storage costs have become too expensive.

Which storage solution is MOST cost–effective?

A. Use AWS Storage Gateway for files to store and process the video content.

All Question 8/790


An online shopping application accesses an Amazon RDS Multi–AZ DB instance. Database performance is slowing down the application. After upgrading to the next–generation instance type, there was no significant performance improvement.

Analysis shows approximately 700 IOPS are sustained, common queries run for long durations and memory utilization is high.



Which application change should a solutions architect recommend to resolve these issues?

C. Deploy a two-node Amazon ElastiCache cluster and modify the application to query the cluster first and query the database only if needed.

All Question 9/790


A company currently has 250 TB of backup files stored in Amazon S3 in a vendor's proprietary format.

Using a Linux-based software application provided by the vendor, the company wants to retrieve files from Amazon S3, transform the files to an industry-standard format, and re-upload them to Amazon S3. The company wants to minimize the data transfer charges associated with this conversion.

What should a solutions architect do to accomplish this?

D. Launch an Amazon EC2 instance in the same Region as Amazon S3 and install the conversion software onto the instance. Perform the transformation and re-upload the files to Amazon S3 from the EC2 instance.

All Question 10/790


A company recently expanded globally and wants to make its application accessible to users in those geographic locations. The application is deployed on Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group. The company needs the ability to shift traffic from resources in one region to another.

What should a solutions architect recommend?

C. Configure an Amazon Route 53 geoproximity routing policy.
Keyword: Users in those geographic locations.
Condition: Ability to shift traffic from resources in one Region to another Region.
The following table highlights the key function of each type of routing policy:
Geo-location: Caters to different users in different countries and different languages. Contains users within a particular geography and offers them a customized version of the workload based on their specific needs. Geolocation can be used for localizing content and presenting some or all of your website in the language of your users. Can also protect distribution rights. Can be used for spreading load evenly between regions. If you have multiple records for overlapping regions, Route 53 will route to the smallest geographic region. You can create a default record for IP addresses that do not map to a geographic location.
References: Amazon Route 53 > Developer Guide > Choosing a routing policy Amazon Route 53

All Question 11/790


A company runs a legacy application with a single-tier architecture on an Amazon EC2 instance. Disk I/O is low, with occasional small spikes during business hours. The company requires the instance to be stopped from 8 PM to 8 AM daily.

Which storage option is MOST appropriate for this workload?

B. Amazon EBS General Purpose SSD (gp2) storage

All Question 12/790


A company is rolling out a new web service, but is unsure how many customers the service will attract.

However, the company is unwilling to accept any downtime.

What could a solutions architect recommend to the company to keep?


All Question 13/790


A company is building its web application using containers on AWS. The company requires three instances of the web application to run at all times. The application must be able to scale to meet increases in demand. Management is extremely sensitive to cost but agrees that the application should be highly available.

What should a solutions architect recommend?

D. Create an Amazon Elastic Container Service (Amazon ECS) cluster using the Amazon EC2 launch type with one container instance in two different Availability Zones. Create a task definition for the web application. Place two tasks on one container instance and one task on the remaining container instance.

All Question 14/790


A company must migrate 20 TB of data from a data center to the AWS Cloud within 30 days. The company's network bandwidth is limited to 15 Mbps and cannot exceed 70% utilization. What should a solutions architect do to meet these requirements?

A. Use AWS Snowball.

All Question 15/790


A company needs to store data in Amazon S3. A compliance requirement states that when any changes are made to objects, the previous state of the object with any changes must be preserved. Additionally, files older than 5 years should not be accessed but need to be archived for auditing.

What should a solutions architect recommend that is MOST cost–effective?

C. Enable object-level versioning. Enable a lifecycle policy to move data older than 5 years to S3 Glacier Deep Archive.

All Question 16/790


Does Amazon DynamoDB support both increment and decrement atomic operations?

C. Yes, both increment and decrement operations.
Amazon DynamoDB supports increment and decrement atomic operations. References: Amazon DynamoDB > Developer Guide > DynamoDB API

All Question 17/790


A company has concerns about its Amazon RDS database.

The workload is unpredictable, and periodic floods of new user registrations can cause the company to run out of storage.

The database runs on a general purpose instance with 300 GB of storage.

What should a solution architect recommend to the company?

D. Configure an AWS Lambda function to increase RDS storage by 1 GiB when storage space is low.

All Question 18/790


A company hosts more than 300 global websites and applications. The company requires a platform to analyze more than 30 TB of clickstream data each day. What should a solutions architect do to transmit and process the clickstream data?

C. Cache the data to Amazon CloudFront. Store the data in an Amazon S3 bucket. When an object is added to the S3 bucket, run an AWS Lambda function to process the data for analysis.

All Question 19/790


A solutions architect is designing a mission–critical web application. It will consist of Amazon EC2 instances behind an Application Load Balancer and a relational database. The database should be highly available and fault tolerant.

Which database implementations will meet these requirements? (Choose two.)

D. MySQL-compatible Amazon Aurora Multi-AZ
E. Amazon RDS for SQL Server Standard Edition Multi-AZ

All Question 20/790


A company stores call recordings on a monthly basis. Statistically, the recorded data may be referenced randomly within a year but accessed rarely after 1 year.

Files that are newer than 1 year old must be queried and retrieved as quickly as possible.

A delay in retrieving older files is acceptable. A solutions architect needs to store the recorded data at a minimal cost.

Which solution is MOST cost–effective?

B. Store individual files in Amazon S3. Use lifecycle policies to move the files to Amazon S3 Glacier after 1 year. Query and retrieve the files from Amazon S3 or S3 Glacier.

All Question 21/790


A company hosts an application on an Amazon EC2 instance that requires a maximum of 200 GB storage space. The application is used infrequently, with peaks during mornings and evenings. Disk I/O varies, but peaks at 3,000 IOPS. The chief financial officer of the company is concerned about costs and has asked a solutions architect to recommend the most cost–effective storage option that does not sacrifice performance.

Which solution should the solutions architect recommend?

B. Amazon EBS General Purpose SSD (gp2)
General Purpose SSD (gp2) volumes offer cost-effective storage that is ideal for a broad range of workloads. These volumes deliver single-digit millisecond latencies and the ability to burst to 3,000 IOPS for extended periods of time. Between a minimum of 100 IOPS (at 33.33 GiB and below) and a maximum of 16,000 IOPS (at 5,334 GiB and above), baseline performance scales linearly at 3 IOPS per GiB of volume size. AWS designs gp2 volumes to deliver their provisioned performance 99% of the time. A gp2 volume can range in size from 1 GiB to 16 TiB. In this case the volume would have a baseline performance of 3 x 200 = 600 IOPS. The volume could also burst to 3,000 IOPS for extended periods. As the I/O varies, this should be suitable. CORRECT: "Amazon EBS General Purpose SSD (gp2)" is the correct answer. INCORRECT: "Amazon EBS Provisioned IOPS SSD (io1) " is incorrect as this would be a more expensive option and is not required for the performance characteristics of this workload. INCORRECT: "Amazon EBS Cold HDD (sc1)" is incorrect as there is no IOPS SLA for HDD volumes and they would likely not perform well enough for this workload. INCORRECT: "Amazon EBS Throughput Optimized HDD (st1)" is incorrect as there is no IOPS SLA for HDD volumes and they would likely not perform well enough for this workload. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Amazon EBS volume types

All Question 22/790


A solution architect is designing the infrastructure for an application.

The application must have a managed MySQL database that is highly available. The database will be accessed only by resources in the same VPC.

The database also must have auto scaling for storage and compute. Which solution meets these requirements?

A. Amazon RDS for MySQL

All Question 23/790


A company has a service that produces event data. The company wants to use AWS to process the event data as it is received. The data is written in a specific order that must be maintained throughout processing.

The company wants to implement a solution that minimizes operational overhead.

How should a solution architect accomplish this?

A. Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue to hold messages. Set up an AWS Lambda function to process messages from the queue.

All Question 24/790


A company is using a VPC peering strategy to connect its VPCs in a single Region to allow for cross communication.

A recent increase in account creations and VPCs has made it difficult to maintain the VPC peering strategy, and the company expects to grow to hundreds of VPCs. There are also new requests to create site–to–site VPNs with some of the VPCs. A solutions architect has been tasked with creating a centrally managed networking setup for multiple accounts, VPCs, and VPNs.

Which networking solution meets these requirements?

D. Configure a transit gateway with AWS Transit Gateway and connect all VPCs and VPNs.

All Question 25/790


A company has a three-tier, stateless web application. The company's web and application tiers run on Amazon EC2 instances in an Auto Scaling group with an Amazon Elastic Block Store (Amazon EBS) root volume, and the database tier runs on Amazon RDS for PostgreSQL.

The company's recovery point objective (RPO) is 2 hours.

What should a solutions architect recommend to enable backups for this environment?

D. Retain the latest Amazon Machine Images (AMIs) of the web and application tiers. Configure daily Amazon RDS snapshots and use point-in-time recovery to meet the RPO.

All Question 26/790


A company is running a multi–tier eCommerce web application in the AWS Cloud. The application runs on Amazon EC2 Instances with an Amazon RDS MySQL Multi–AZ DB instance. Amazon RDS is configured with the latest generation instance with 2,000 GB of storage in an Amazon EBS General Purpose SSD (gp2) volume. The database performance impacts the application during periods of high demand.

After analyzing the logs in Amazon CloudWatch Logs, a database administrator finds that the application performance always degrades when the number of read and write IOPS is higher than 6.000.

What should a solutions architect do to improve the application performance?

C. Replace the volume with a Provisioned IOPS (PIOPS) volume.

All Question 27/790


A company is planning to migrate a commercial off–the–shelf application from its on–premises data center to AWS. The software has a software licensing model using sockets and cores with predictable capacity and uptime requirements. The company wants to use its existing licenses, which were purchased earlier this year.

Which Amazon EC2 pricing option is the MOST cost–effective?

C. Dedicated Reserved Instances

All Question 28/790


A company wants to improve the availability and performance of its hybrid application. The application consists of a stateful TCP-based workload hosted on Amazon EC2 instances in different AWS Regions and a stateless UDP-based workload hosted on-premises.

Which combination of actions should a solutions architect take to improve availability and performance? (Choose two.)

A. Create an accelerator using AWS Global Accelerator. Add the load balancers as endpoints.
D. Configure a Network Load Balancer in each Region to address the EC2 endpoints. Configure a Network Load Balancer in each Region that routes to the on-premises endpoints.

All Question 29/790


A company is deploying a public–facing global application on AWS using Amazon CloudFront. The application communicates with an external system. A solutions architect needs to ensure the data is secured during end–to–end transit and at rest.

Which combination of steps will satisfy these requirements? (Select TWO)

C. Provision Amazon EBS encrypted volumes using AWS KMS and ensure explicit encryption of data when writing to Amazon EBS.
D. Use SSL or encrypt data while communicating with the external system using a VPN.

All Question 30/790


A company hosts a multi–tier web application that uses an Amazon Aurora MySQL DB cluster for storage. The application tier is hosted on Amazon EC2 instances. The company's IT security guidelines mandate that the database credentials be encrypted and rotated every 14 days.

What should a solutions architect do to meet this requirement with the LEAST operational effort?

B. Create two parameters in AWS Systems Manager Parameter Store: one for the user name as a string parameter and one that uses the SecureString type for the password. Select AWS Key Management Service (AWS KMS) encryption for the password parameter, and load these parameters in the application tier. Implement an AWS Lambda function that rotates the password every 14 days.

All Question 31/790


A solutions architect needs to ensure that all Amazon Elastic Block Store (Amazon EBS) volumes restored from unencrypted EBS snapshots are encrypted.

What should the solutions architect do to accomplish this?

A. Enable EBS encryption by default for the AWS Region.
The question asks to ensure that all restored volumes are encrypted, so the answer has to be "Enable encryption by default".

All Question 32/790


A company sells datasets to customers who do research in artificial intelligence and machine learning (AI/ML).

The datasets are large formatted files that are stored in an Amazon S3 bucket in the us-east-1 Region.

The company hosts a web application that the customers use to purchase access to a given dataset.

The web application is deployed on multiple Amazon EC2 instances behind an Application Load Balancer.

After a purchase is made, customers receive an S3 signed URL that allows access to the files. The customers are distributed across North America and Europe.

The company wants to reduce the cost that is associated with data transfers and wants to maintain or improve performance.

What should a solutions architect do to meet these requirements?

A. Configure S3 Transfer Accelerator on the existing S3 bucket. Direct customer requests to the S3 Transfer Acceleration endpoint. Continue to use S3 signed URLs for access control.

All Question 33/790


A product team is creating a new application that will store a large amount of data. The data will be analyzed hourly and modified by multiple Amazon EC2 Linux instances. The application team believes the amount of space needed will continue to grow for the next 6 months.

Which set of actions should a solutions architect take to support these needs?

B. Store the data in an Amazon EFS file system. Mount the file system on the application instances.
Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth. "The data will be analyzed hourly and modified by multiple Amazon EC2 Linux instances." Amazon EFS is designed to provide massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS with consistent low latencies. Amazon EFS is well suited to support a broad spectrum of use cases from home directories to business-critical applications. Customers can use EFS to lift-and-shift existing enterprise applications to the AWS Cloud. Other use cases include big data analytics, web serving and content management, application development and testing, media and entertainment workflows, database backups, and container storage. Amazon EFS is a regional service storing data within and across multiple Availability Zones (AZs) for high availability and durability. Amazon EC2 instances can access your file system across AZs, regions, and VPCs, while on-premises servers can access using AWS Direct Connect or AWS VPN.

All Question 34/790


A company wants to migrate its MySQL database from on–premises to AWS. The company recently experienced a database outage that significantly impacted the business. To ensure this does not happen again, the company wants a reliable database solution on AWS that minimizes data loss and stores every transaction on at least two nodes.

Which solution meets these requirements?

B. Create an Amazon RDS MySQL DB instance with Multi-AZ functionality enabled to synchronously replicate the data.

All Question 35/790


A company is building a web application that serves a content management system.

The content management system runs on Amazon EC2 instances behind an Application Load Balancer (ALB).

The EC2 instances run in an Auto Scaling group across Availability Zones.

Users are constantly adding and updating files, blogs, and other website assets in the content management system.

Which solution meets these requirements?

C. Copy the website assets to an Amazon S3 bucket. Ensure that each EC2 instance downloads the website assets from the S3 bucket to the attached Amazon Elastic Block Store (Amazon EBS) volume. Run the S3 sync command once each hour to keep files up to date.

All Question 36/790


A company runs a website on Amazon EC2 instances behind an ELB Application Load Balancer. Amazon Route 53 is used for the DNS. The company wants to set up a backup website with a message including a phone number and email address that users can reach if the primary website is down.

How should the company deploy this solution?

A. Use Amazon S3 website hosting for the backup website and Route 53 failover routing policy.

All Question 37/790


A company hosts a website on–premises and wants to migrate it to the AWS Cloud. The website exposes a single hostname to the internet but it routes its functions to different on–premises server groups based on the path of the URL. The server groups are scaled independently depending on the needs of the functions they support. The company has an AWS Direct Connect connection configured to its on–premises network.

What should a solutions architect do to provide path–based routing to send the traffic to the correct group of servers?

B. Route all traffic to a Network Load Balancer (NLB) with target groups for each group of servers. Use pattern matching rules at the NLB to route traffic to the correct target group.

All Question 38/790



Which action will fulfill these requirements and maintain security?

B. Configure an S3 gateway endpoint.
VPC endpoints: A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network. An interface endpoint is an elastic network interface with a private IP address from the IP address range of your subnet that serves as an entry point for traffic destined to a supported service. Interface endpoints are powered by AWS PrivateLink, a technology that enables you to privately access services by using private IP addresses. AWS PrivateLink restricts all network traffic between your VPC and services to the Amazon network. You do not need an internet gateway, a NAT device, or a virtual private gateway. References: Amazon Virtual Private Cloud > AWS PrivateLink > Endpoints for Amazon S3 Amazon Virtual Private Cloud > AWS PrivateLink > Gateway VPC endpoints

All Question 39/790


You are checking the workload on some of your General Purpose (SSD) and Provisioned IOPS (SSD) volumes and it seems that the I/O latency is higher than you require. You should probably check the _____ to make sure that your application is not trying to drive more IOPS than you have provisioned.

C. Average queue length
In EBS workload demand plays an important role in getting the most out of your General Purpose (SSD) and Provisioned IOPS (SSD) volumes. In order for your volumes to deliver the amount of IOPS that are available, they need to have enough I/O requests sent to them. There is a relationship between the demand on the volumes, the amount of IOPS that are available to them, and the latency of the request (the amount of time it takes for the I/O operation to complete). Latency is the true end-to-end client time of an I/O operation; in other words, when the client sends a IO, how long does it take to get an acknowledgment from the storage subsystem that the IO read or write is complete. If your I/O latency is higher than you require, check your average queue length to make sure that your application is not trying to drive more IOPS than you have provisioned. You can maintain high IOPS while keeping latency down by maintaining a low average queue length (which is achieved by provisioning more IOPS for your volume). References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > What is Amazon EC2?

All Question 40/790


In Amazon EC2 Container Service components, what is the name of a logical grouping of container instances on which you can place tasks?

A. A cluster
Amazon ECS contains the following components:
- A Cluster is a logical grouping of container instances that you can place tasks on.
- A Container instance is an Amazon EC2 instance that is running the Amazon ECS agent and has been registered into a cluster.
- A Task definition is a description of an application that contains one or more container definitions.
- A Scheduler is the method used for placing tasks on container instances.
- A Service is an Amazon ECS service that allows you to run and maintain a specified number of instances of a task definition simultaneously.
- A Task is an instantiation of a task definition that is running on a container instance.
- A Container is a Linux container that was created as part of a task.
References: Amazon Elastic Container Service > Developer Guide > What is Amazon Elastic Container Service?

All Question 41/790


An eCommerce company is experiencing an increase in user traffic. The company's store is deployed on Amazon EC2 instances as a two-tier application consisting of a web tier and a separate database tier.

As traffic increases, the company notices that the architecture is causing significant delays in sending timely marketing and order confirmation email to users. The company wants to reduce the time it spends resolving complex email delivery issues and minimize operational overhead.

What should a solutions architect do to meet these requirements?

B. Configure the web instance to send email through Amazon Simple Email Service (Amazon SES).

All Question 42/790


A solutions architect is designing a solution to access a catalog of images and provide users with the ability to submit requests to customize images. Image customization parameters will be in any request sent to an AWS API Gateway API. The customized image will be generated on demand, and users will receive a link they can click to view or download their customized image. The solution must be highly available for viewing and customizing images.

What is the MOST cost–effective solution to meet these requirements?

B. Use AWS Lambda to manipulate the original image to the requested customization. Store the original and manipulated images in Amazon S3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.
AWS Lambda is a compute service that lets you run code without provisioning or managing servers. AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second. You pay only for the compute time you consume – there is no charge when your code is not running. With AWS Lambda, you can run code for virtually any type of application or backend service – all with zero administration. AWS Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring, and logging. All you need to do is supply your code in one of the languages that AWS Lambda supports.
Storing your static content with S3 provides a lot of advantages. But to help optimize your application's performance and security while effectively managing cost, we recommend that you also set up Amazon CloudFront to work with your S3 bucket to serve and protect the content. CloudFront is a content delivery network (CDN) service that delivers static and dynamic web content, video streams, and APIs around the world, securely and at scale. By design, delivering data out of CloudFront can be more cost effective than delivering it from S3 directly to your users. CloudFront serves content through a worldwide network of data centers called Edge Locations. Using edge servers to cache and serve content improves performance by providing content closer to where viewers are located. CloudFront has edge servers in locations all around the world.
All solutions presented are highly available. The key requirement that must be satisfied is that the solution should be cost-effective and you must choose the most cost-effective option. Therefore, it's best to eliminate services such as Amazon EC2 and ELB as these require ongoing costs even when they're not used. Instead, a fully serverless solution should be used. AWS Lambda, Amazon S3 and CloudFront are the best services to use for these requirements.
CORRECT: "Use AWS Lambda to manipulate the original images to the requested customization. Store the original and manipulated images in Amazon S3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin" is the correct answer.
INCORRECT: "Use Amazon EC2 instances to manipulate the original images into the requested customization. Store the original and manipulated images in Amazon S3. Configure an Elastic Load Balancer in front of the EC2 instances" is incorrect. This is not the most cost-effective option as the ELB and EC2 instances will incur costs even when not used.
INCORRECT: "Use AWS Lambda to manipulate the original images to the requested customization. Store the original images in Amazon S3 and the manipulated images in Amazon DynamoDB. Configure an Elastic Load Balancer in front of the Amazon EC2 instances" is incorrect. This is not the most cost-effective option as the ELB will incur costs even when not used. Also, Amazon DynamoDB will incur RCU/WCUs when running and is not the best choice for storing images.
INCORRECT: "Use Amazon EC2 instances to manipulate the original images into the requested customization. Store the original images in Amazon S3 and the manipulated images in Amazon DynamoDB. Configure an Amazon CloudFront distribution with the S3 bucket as the origin" is incorrect. This is not the most cost-effective option as the EC2 instances will incur costs even when not used.
References: Serverless on AWS

All Question 43/790


A solutions architect is designing storage for a high performance computing (HPC) environment based on Amazon Linux. The workload stores and processes a large amount of engineering drawings that require shared storage and heavy computing.

Which storage option would be the optimal solution?

B. Amazon FSx for Lustre
Amazon FSx for Lustre is a new, fully managed service provided by AWS based on the Lustre file system. Amazon FSx for Lustre provides a high-performance file system optimized for fast processing of workloads such as machine learning, high performance computing (HPC), video processing, financial modeling, and electronic design automation (EDA). FSx for Lustre allows customers to create a Lustre filesystem on demand and associate it to an Amazon S3 bucket. As part of the filesystem creation, Lustre reads the objects in the buckets and adds them to the file system metadata. Any Lustre client in your VPC is then able to access the data, which gets cached on the high-speed Lustre filesystem. This is ideal for HPC workloads, because you can get the speed of an optimized Lustre file system without having to manage the complexity of deploying, optimizing, and managing the Lustre cluster. Additionally, having the filesystem work natively with Amazon S3 means you can shut down the Lustre filesystem when you don't need it but still access objects in Amazon S3 via other AWS Services. FSx for Lustre also allows you to write the output of your HPC job back to Amazon S3.

All Question 44/790


An eCommerce application places orders in an Amazon Simple Queue Service (Amazon SQS) queue.

When a message is received, the Amazon EC2 worker instances process the request. The EC2 instances are in an Auto Scaling group.

How should the architecture be designed to scale the Auto Scaling group with the LEAST amount of operational overhead?

C. Use an Amazon CloudWatch alarm based on the number of messages in the queue to scale the Auto Scaling group up or down

All Question 45/790


A company is seeing access requests by some suspicious IP addresses. The security team discovers the requests are from different IP addresses under the same CIDR range.

What should a solutions architect recommend to the team?

C. Add a deny rule in the inbound table of the network ACL with a lower number than other rules.
You can only create deny rules with network ACLs; it is not possible with security groups. Network ACLs process rules in order from the lowest numbered rules to the highest until they reach an allow or deny. The following table describes some of the differences between security groups and network ACLs:
Therefore, the solutions architect should add a deny rule in the inbound table of the network ACL with a lower rule number than other rules.
CORRECT: "Add a deny rule in the inbound table of the network ACL with a lower rule number than other rules" is the correct answer.
INCORRECT: "Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules" is incorrect as this will only block outbound traffic.
INCORRECT: "Add a rule in the inbound table of the security group to deny the traffic from that CIDR range" is incorrect as you cannot create a deny rule with a security group.
INCORRECT: "Add a rule in the outbound table of the security group to deny the traffic from that CIDR range" is incorrect as you cannot create a deny rule with a security group.
References: Amazon Virtual Private Cloud > User Guide > Network ACLs

All Question 46/790


A company has two AWS accounts: Production and Development. There are code changes ready in the Development account to push to the Production account. In the alpha phase, only two senior developers on the development team need access to the Production account. In the beta phase, more developers might need access to perform testing as well.

What should a solutions architect recommend?

D. Create an IAM group in the Production account and add it as a principal in the trust policy that specifies the Production account. Add developers to the group.

All Question 47/790


A company is moving its on–premises Oracle database to Amazon Aurora PostgreSQL. The database has several applications that write to the same tables. The applications need to be migrated one by one with a month in between each migration. Management has expressed concerns that the database has a high number of reads and writes. The data must be kept in sync across both databases throughout the migration.

What should a solutions architect recommend?

C. Use the AWS Schema Conversion Tool with AWS Database Migration Service (AWS DMS) using a memory optimized replication instance. Create a full load plus change data capture (CDC) replication task and a table mapping to select all tables.
As you can see, we have three important memory buffers in this architecture for CDC in AWS DMS. If any of these buffers experience memory pressure, the migration can have performance issues that can potentially cause failures. References: AWS Database Migration Service > User Guide > Choosing the right AWS DMS replication instance for your migration

All Question 48/790


During a review of business applications, a Solutions Architect identifies a critical application with a relational database that was built by a business user and is running on the user's desktop. To reduce the risk of a business interruption, the Solutions Architect wants to migrate the application to a highly available, multi–tiered solution in AWS.

What should the Solutions Architect do to accomplish this with the LEAST amount of disruption to the business?

D. Use AWS DMS to migrate the backend database to an Amazon RDS Multi-AZ DB instance. Migrate the application code to AWS Elastic Beanstalk

All Question 49/790


A solutions architect plans to convert a company's monolithic web application into a multi–tier application.

The company wants to avoid managing its own infrastructure. The minimum requirements for the web application are high availability, scalability, and regional low latency during peak hours. The solution should also store and retrieve data with millisecond latency using the application's API.

Which solution meets these requirements?

A. Use AWS Fargate to host the web application with backend Amazon RDS Multi-AZ DB instances.

All Question 50/790


A company decides to migrate its three–tier web application from on–premises to the AWS Cloud. The new database must be capable of dynamically scaling storage capacity and performing table joins.

Which AWS service meets these requirements?


All Question 51/790


Can you specify the security group that you created for a VPC when you launch an instance in EC2–Classic?

B. No
If you're using EC2-Classic, you must use security groups created specifically for EC2-Classic. When you launch an instance in EC2-Classic, you must specify a security group in the same region as the instance. You can't specify a security group that you created for a VPC when you launch an instance in EC2-Classic. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Amazon EC2 security groups for Linux instances

All Question 52/790


A company runs an online marketplace web application on AWS. The application serves hundreds of thousands of users during peak hours. The company needs a scalable, near–real–time solution to share the details of millions of financial transactions with several other internal applications. Transactions also need to be processed to remove sensitive data before being stored in a document database for low–latency retrieval.

What should a solutions architect recommend to meet these requirements?

C. Stream the transactions data into Amazon Kinesis Data Streams. Use AWS Lambda integration to remove sensitive data from every transaction and then store the transactions data in Amazon DynamoDB. Other applications can consume the transactions data off the Kinesis data stream.

All Question 53/790


A company's order fulfillment service uses a MySQL database.

The database needs to support a large number of concurrent queries and transactions. Developers are spending time patching and tuning the database.

This is causing delays in releasing new product features.

The company wants to use cloud–based services to help address this new challenge.

The solution must allow the developers to migrate the database with little or no code changes and must optimize performance.

Which service should a solutions architect use to meet these requirements?


All Question 54/790


A company expects its user base to increase five times over one year. Its application is hosted in one region and uses an Amazon RDS for MySQL database, an Application Load Balancer, and Amazon Elastic Container Service (Amazon ECS) to host the website and its microservices.

Which design changes should a solutions architect recommend to support the expected growth? (Select TWO.)

A. Move static files from Amazon ECS to Amazon S3
E. Create RDS read replicas and change the application to use these replicas.

All Question 55/790


A three–tier web application processes orders from customers. The web tier consists of Amazon EC2 instances behind an Application Load Balancer, a middle tier of three EC2 instances decoupled from the web tier using Amazon SQS, and an Amazon DynamoDB backend. At peak times, customers who submit orders using the site have to wait much longer than normal to receive confirmations due to lengthy processing times. A solutions architect needs to reduce these processing times.

Which action will be MOST effective in accomplishing this?

D. Use Amazon EC2 Auto Scaling to scale out the middle tier instances based on the SQS queue depth.

All Question 56/790


A company has been running a web application with an Oracle relational database in an on–premises data center for the past 15 years. The company must migrate the database to AWS. The company needs to reduce operational overhead without having to modify the application's code.

Which solution meets these requirements?

A. Use AWS Database Migration Service (AWS DMS) to migrate the database servers to Amazon RDS.

All Question 57/790



Which solution will meet these requirements?

A. Set up a VPC peering connection between VPC-A and VPC-B.
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The traffic remains in the private IP space. All inter-region traffic is encrypted with no single point of failure, or bandwidth bottleneck. References: Amazon Virtual Private Cloud > VPC Peering > What is VPC peering?

All Question 58/790


A company needs to comply with a regulatory requirement that states all emails must be stored and archived externally for 7 years. An administrator has created compressed email files on premises and wants a managed service to transfer the files to AWS storage.

Which managed service should a solutions architect recommend?

D. AWS Storage Gateway

All Question 59/790


An application is running on an Amazon EC2 instance and must have millisecond latency when running the workload. The application makes many small reads and writes to the file system, but the file system itself is small.

Which Amazon Elastic Block Store (Amazon EBS) volume type should a solutions architect attach to their EC2 instance?

B. General Purpose SSD (gp2)

All Question 60/790


A company wants to build an online marketplace application on AWS as a set of loosely coupled microservices. For this application, when a customer submits a new order, two microservices should handle the event simultaneously. The Email microservice will send a confirmation email, and the order processing microservice will start the order delivery process. If a customer cancels an order, the OrderCancelation and Email microservices should handle the event simultaneously.

A solutions architect wants to use Amazon Simple Queue Service (Amazon SQS) and Amazon Simple Notification Service (Amazon SNS) to design the messaging between the microservices.

How should the solutions architect design the solution?

D. Create two SQS queues and publish order events to both queues simultaneously. One queue is for the Email and OrderProcessing microservices. The second queue is for the Email and Order Cancellation microservices.

All Question 61/790


A solutions architect needs to design a resilient solution for Windows users' home directories. The solution must provide fault tolerance, file–level backup and recovery, and access control, based upon the company's Active Directory.

Which storage solution meets these requirements?

C. Configure Amazon Elastic File System (Amazon EFS) for the users' home directories. Configure AWS Single Sign-On with Active Directory.

All Question 62/790


A company's dynamic website is hosted using on–premises servers in the United States. The company is launching its product in Europe and it wants to optimize site loading times for new European users. The site's backend must remain in the United States.

The product is being launched in a few days, and an immediate solution is needed.

What should the solutions architect recommend?

C. Use Amazon CloudFront with a custom origin pointing to the on-premises servers

All Question 63/790


A company has an application that ingests incoming messages. These messages are then quickly consumed by dozens of other applications and microservices. The number of messages varies drastically and sometimes spikes as high as 100,000 each second. The company wants to decouple the solution and increase scalability.

Which solution meets these requirements?

D. Publish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with one or more Amazon Simple Queue Service (Amazon SQS) subscriptions. All applications then process the messages from the queues.
Q: How large can Amazon SQS message queues be? A single Amazon SQS message queue can contain an unlimited number of messages. However, there is a 120,000 quota for the number of inflight messages for a standard queue and 20,000 for a FIFO queue. Messages are inflight after they have been received from the queue by a consuming component, but have not yet been deleted from the queue. References: Amazon SQS FAQs

All Question 64/790


A solution architect must migrate a Windows Internet Information Services (IIS) web application to AWS. The application currently relies on a file share hosted in the user's on–premises network–attached storage (NAS). The solution architect has proposed migrating the IIS web servers.

Which replacement to the on–premises file share is MOST resilient and durable?

C. Migrate the file share to Amazon FSx for Windows File Server.
References: Amazon FSx for Windows File Server

All Question 65/790


A company provides an online service for posting video content and transcoding it for use by any mobile platform.

The application architecture uses Amazon Elastic File System (Amazon EFS) Standard to collect and store the videos so that multiple Amazon EC2 Linux instances can access the video content for processing.

As the popularity of the service has grown over time, the storage costs have become too expensive.

Which storage solution is MOST cost–effective?

A. Use AWS Storage Gateway for files to store and process the video content

All Question 66/790


A major finance organization has engaged your company to set up a large data mining application. Using AWS, you decide the best service for this is Amazon Elastic MapReduce (EMR), which you know uses Hadoop. Which of the following statements best describes Hadoop?

C. Hadoop is an open source Java software framework
Amazon EMR uses Apache Hadoop as its distributed data processing engine. Hadoop is an open source, Java software framework that supports data-intensive distributed applications running on large clusters of commodity hardware. Hadoop implements a programming model named "MapReduce," where the data is divided into many small fragments of work, each of which may be executed on any node in the cluster. This framework has been widely used by developers, enterprises and startups and has proven to be a reliable software platform for processing up to petabytes of data on clusters of thousands of commodity machines. References: Amazon EMR FAQs

All Question 67/790


A web application must persist order data to Amazon S3 to support near–real–time processing. A solutions architect needs to create an architecture that is both scalable and fault tolerant.

Which solutions meet these requirements? (Select TWO)

A. Write the order event to an Amazon DynamoDB table. Use DynamoDB Streams to trigger an AWS Lambda function that parses the payload and writes the data to Amazon
B. Write the order event to an Amazon Simple Queue Service (Amazon SQS) queue. Use the queue to trigger an AWS Lambda function that parses the payload and writes the data to Amazon S3.

All Question 68/790


A company is managing health records on–premises. The company must keep these records indefinitely, disable any modifications to the records once they are stored, and granularly audit access at all levels. The chief technology officer (CTO) is concerned because there are already millions of records not being used by any application, and the current infrastructure is running out of space. The CTO has requested a solutions architect design a solution to move existing data and support future records.

Which services can the solutions architect recommend to meet these requirements?

A. Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with data events.
Keyword: Move existing data and support future records + Granular audit access at all levels
Use AWS DataSync to migrate existing data to Amazon S3, and then use the File Gateway configuration of AWS Storage Gateway to retain access to the migrated data and for ongoing updates from your on-premises file-based applications.
Need a solution to move existing data and support future records = AWS DataSync should be used for migration.
Need granular audit access at all levels = Data Events should be used in CloudTrail, Management Events is enabled by default.
CORRECT: "Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with data events" is the correct answer.
INCORRECT: "Use AWS Storage Gateway to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with management events" is incorrect as "current infrastructure is running out of space".
INCORRECT: "Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with management events." is incorrect as "Management Events is enabled by default".
INCORRECT: "Use AWS Storage Gateway to move existing data to AWS. Use Amazon Elastic Block Store (Amazon EBS) to store existing and new data. Enable Amazon S3 object lock and enable Amazon S3 server access logging." is incorrect as "current infrastructure is running out of space".
References: AWS DataSync, AWS CloudTrail, AWS Storage Gateway

All Question 69/790


A gaming company is designing a highly available architecture.

The application runs on a modified Linux kernel and supports only UDP–based traffic. The company needs the front–end tier to provide the best possible user experience.

The tier must have low latency, route traffic to the nearest edge location, and provide static IP addresses for entry into the application endpoints.

What should a solution architect do to meet these requirements?

A. Configure Amazon Route 53 to forward requests to an Application Load Balancer. Use AWS Lambda for the application in AWS Application Auto Scaling.

All Question 70/790


A company needs to share an Amazon S3 bucket with an external vendor. The bucket owner must be able to access all objects.

Which action should be taken to share the S3 bucket?

C. Create a bucket policy to require users to grant bucket-owner-full when uploading objects

All Question 71/790


A start–up company has a web application based in the us–east–1 Region with multiple Amazon EC2 instances running behind an Application Load Balancer across multiple Availability Zones. As the company's user base grows in the us–west–1 Region, it needs a solution with low latency and high availability.

What should a solutions architect do to accomplish this?

C. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load balancer endpoints in both Regions.
Register endpoints for endpoint groups: You register one or more regional resources, such as Application Load Balancers, Network Load Balancers, EC2 Instances, or Elastic IP addresses, in each endpoint group. Then you can set weights to choose how much traffic is routed to each endpoint. Endpoints in AWS Global Accelerator: Endpoints in AWS Global Accelerator can be Network Load Balancers, Application Load Balancers, Amazon EC2 instances, or Elastic IP addresses. A static IP address serves as a single point of contact for clients, and Global Accelerator then distributes incoming traffic across healthy endpoints. Global Accelerator directs traffic to endpoints by using the port (or port range) that you specify for the listener that the endpoint group for the endpoint belongs to. Each endpoint group can have multiple endpoints. You can add each endpoint to multiple endpoint groups, but the endpoint groups must be associated with different listeners. Global Accelerator continually monitors the health of all endpoints that are included in an endpoint group. It routes traffic only to the active endpoints that are healthy. If Global Accelerator doesn't have any healthy endpoints to route traffic to, it routes traffic to all endpoints. ELB provides load balancing within one Region, AWS Global Accelerator provides traffic management across multiple Regions […] AWS Global Accelerator complements ELB by extending these capabilities beyond a single AWS Region, allowing you to provision a global interface for your applications in any number of Regions. If you have workloads that cater to a global client base, we recommend that you use AWS Global Accelerator. If you have workloads hosted in a single AWS Region and used by clients in and around the same Region, you can use an Application Load Balancer or Network Load Balancer to manage your resources. References: AWS Global Accelerator FAQs

All Question 72/790


The following are the key requirements:

The web servers must be accessible only to users on an SSL connection.
The database should be accessible to the web layer, which is created in a public subnet only.
All traffic to and from the IP range 182.20.0.0/16 subnet should be blocked.
Which combination of steps meets these requirements? (Select two.)

B. Create a database server security group with an inbound rule for MySQL port 3306 and specify the source as a web server security group.
D. Create a web server security group with an inbound rule for HTTPS port 443 traffic from anywhere (0.0.0.0/0). Create network ACL inbound and outbound deny rules for IP range 182.20.0.0/16.

All Question 73/790


Does DynamoDB support in–place atomic updates?

A. Yes
DynamoDB supports in-place atomic updates. References: Amazon DynamoDB > Developer Guide > Working with Items and Attributes

All Question 74/790


A company stores user data in AWS. The data is used continuously with peak usage during business hours.

Access patterns vary, with some data not being used for months at a time.

A solution architect must choose a cost-effective solution that maintains the highest level of durability while maintaining high availability.

Which storage solution meets these requirements?

A. Amazon S3 Standard

All Question 75/790


A company uses Application Load Balancers (ALBs) in different AWS Regions. The ALBs receive inconsistent traffic that can spike and drop throughout the year. The company's networking team needs to allow the IP addresses of the ALBs in the on–premises firewall to enable connectivity.

Which solution is the MOST scalable with minimal configuration changes?

C. Launch AWS Global Accelerator. Register the ALBs in different Regions to the accelerator. Update the on-premises firewall's rule to allow static IP addresses associated with the accelerator.

All Question 76/790


A company has multiple AWS accounts with applications deployed in the us–west–2 Region. Application logs are stored within Amazon S3 buckets in each account. The company wants to build a centralized log analysis solution that uses a single S3 bucket. Logs must not leave us–west–2, and the company wants to incur minimal operational overhead.

Which solution meets these requirements and is MOST cost–effective?

A. Create an S3 Lifecycle policy that copies the objects from one of the application S3 buckets to the centralized S3 bucket

All Question 77/790


A company wants to migrate a high performance computing (HPC) application and data from on–premises to the AWS Cloud. The company uses tiered storage on–premises with hot high–performance parallel storage to support the application during periodic runs of the application, and more economical cold storage to hold the data when the application is not actively running.

Which combination of solutions should a solutions architect recommend to support the storage needs of the application? (Choose two.)

A. Amazon S3 for cold data storage
D. Amazon FSx for Lustre for high-performance parallel storage
Amazon FSx for Lustre makes it easy and cost effective to launch and run the world's most popular high-performance file system. Use it for workloads where speed matters, such as machine learning, high performance computing (HPC), video processing, and financial modeling. Amazon FSx for Lustre provides a high-performance file system optimized for fast processing of workloads such as machine learning, high-performance computing (HPC), video processing, financial modeling, and electronic design automation (EDA). These workloads commonly require data to be presented via a fast and scalable file system interface, and typically have data sets stored on long-term data stores like Amazon S3.
Amazon FSx works natively with Amazon S3, making it easy to access your S3 data to run data processing workloads. Your S3 objects are presented as files in your file system, and you can write your results back to S3. This lets you run data processing workloads on FSx for Lustre and store your long-term data on S3 or on-premises data stores. Therefore, the best combination for this scenario is to use S3 for cold data and FSx for Lustre for the parallel HPC job.
CORRECT: "Amazon S3 for cold data storage" is the correct answer.
CORRECT: "Amazon FSx for Lustre for high-performance parallel storage" is the correct answer.
INCORRECT: "Amazon EFS for cold data storage" is incorrect as FSx works natively with S3 which is also more economical.
INCORRECT: "Amazon S3 for high-performance parallel storage" is incorrect as S3 is not suitable for running high-performance computing jobs.
INCORRECT: "Amazon FSx for Windows for high-performance parallel storage" is incorrect as FSx for Lustre should be used for HPC use cases and use cases that require storing data on S3.
References: Amazon FSx for Lustre

All Question 78/790


A company runs a photo processing application that needs to frequently upload and download pictures from Amazon S3 buckets that are located in the same AWS Region.

A solutions architect has noticed an increased cost in data transfer fees and needs to implement a solution to reduce these costs.

How can the solutions architect meet this requirement?

B. Deploy a NAT gateway into a public subnet and attach an endpoint policy that allows access to the S3 buckets.

All Question 79/790


An application hosted on AWS is experiencing performance problems, and the application vendor wants to perform an analysis of the log file to troubleshoot further. The log file is stored on Amazon S3 and is 10 GB in size. The application owner will make the log file available to the vendor for a limited time.

What is the MOST secure way to do this?

C. Generate a presigned URL and have the vendor download the log file before it expires.
Share an object with others
All objects by default are private. Only the object owner has permission to access these objects. However, the object owner can optionally share objects with others by creating a presigned URL, using their own security credentials, to grant time-limited permission to download the objects. When you create a presigned URL for your object, you must provide your security credentials, specify a bucket name, an object key, specify the HTTP method (GET to download the object) and expiration date and time. The presigned URLs are valid only for the specified duration. Anyone who receives the presigned URL can then access the object. For example, if you have a video in your bucket and both the bucket and the object are private, you can share the video with others by generating a presigned URL.

All Question 80/790



Which method should the solutions architect select?

A. Configure Amazon DynamoDB Accelerator (DAX) for the new messages table. Update the code to use the DAX endpoint.
Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache that can reduce Amazon DynamoDB response times from milliseconds to microseconds, even at millions of requests per second.
Amazon ElastiCache is incorrect because although you may use ElastiCache as your database cache, it will not reduce the DynamoDB response time from milliseconds to microseconds as compared with DynamoDB DAX.
AWS Device Farm is incorrect because this is an app testing service that lets you test and interact with your Android, iOS, and web apps on many devices at once, or reproduce issues on a device in real-time.
DynamoDB Read Replica is incorrect because this is primarily used to automate capacity management for your tables and global secondary indexes.
References: Amazon DynamoDB Accelerator (DAX); AWS Device Farm

All Question 81/790


An eCommerce website is deploying its web application as Amazon Elastic Container Service (Amazon ECS) container instances behind an Application Load Balancer (ALB). During periods of high activity, the website slows down and availability is reduced.

A solutions architect uses Amazon CloudWatch alarms to receive notifications whenever there is an availability issue so they can scale out resources. Company management wants a solution that automatically responds to such events.

Which solution meets these requirements?

A. Set up AWS Auto Scaling to scale out the ECS service when there are timeouts on the AL
B. Set up AWS Auto Scaling to scale out the ECS cluster when the CPU or memory reservation is too high.

All Question 82/790


An application uses an Amazon RDS MySQL DB instance. The RDS database is becoming low on disk space. A solutions architect wants to increase the disk space without downtime. Which solution meets these requirements with the LEAST amount of effort?

C. Change the RDS database instance storage type to Provisioned IOPS.

All Question 83/790


A company runs an application in a branch office within a small data closet with no virtualized compute resources. The application data is stored on an NFS volume. Compliance standards require a daily offsite backup of the NFS volume.

Which solution meets these requirements?

B. Install an AWS Storage Gateway file gateway hardware appliance on premises to replicate the data to Amazon S3.
AWS Storage Gateway Hardware Appliance
Hardware Appliance: Storage Gateway is available as a hardware appliance, adding to the existing support for VMware ESXi, Microsoft Hyper-V, and Amazon EC2. This means that you can now make use of Storage Gateway in situations where you do not have a virtualized environment, server-class hardware or IT staff with the specialized skills that are needed to manage them. You can order appliances from Amazon.com for delivery to branch offices, warehouses, and "outpost" offices that lack dedicated IT resources. Setup (as you will see in a minute) is quick and easy, and gives you access to three storage solutions:
File Gateway: A file interface to Amazon S3, accessible via NFS or SMB. The files are stored as S3 objects, allowing you to make use of specialized S3 features such as lifecycle management and cross region replication. You can trigger AWS Lambda functions, run Amazon Athena queries, and use Amazon Macie to discover and classify sensitive data.
Keyword: NFS + Compliance
File gateway provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3. It can be used for on-premises applications, and for Amazon EC2-resident applications that need file storage in S3 for object based workloads. Used for flat files only, stored directly on S3. File gateway offers SMB or NFS-based access to data in Amazon S3 with local caching.
[Figure: AWS Storage Gateway – File Gateway]
[Table: Storage Gateway Overview, showing the different gateways available and the interfaces and use cases]
CORRECT: "Install an AWS Storage Gateway file gateway hardware appliance on premises to replicate the data to Amazon S3" is the correct answer.
INCORRECT: "Install an AWS Storage Gateway file gateway on premises to replicate the data to Amazon S3" is incorrect.
INCORRECT: "Install an AWS Storage Gateway volume gateway with stored volumes on premises to replicate the data to Amazon S3" is incorrect because NFS is unsupported.
INCORRECT: "Install an AWS Storage Gateway volume gateway with cached volumes on premises to replicate the data to Amazon S3" is incorrect because NFS is unsupported.
References: AWS News Blog > File Interface to AWS Storage Gateway

All Question 84/790


A company has an eCommerce application that stores data in an on–premises SQL database. The company has decided to migrate this database to AWS. However, as part of the migration, the company wants to find a way to attain sub–millisecond responses to common read requests.

A solutions architect knows that the increase in speed is paramount and that a small percentage of stale data returned in the database reads is acceptable.

What should the solutions architect recommend?

C. Build a database cache using Amazon ElastiCache.
The requirement is to attain sub-millisecond responses to common read requests. Redis (REmote DIctionary Server) delivers sub-millisecond response times, enabling millions of requests per second for real-time applications.

All Question 85/790


A company wants to optimize the cost of its data storage for data that is accessed quarterly. The company requires high throughput, low latency, and rapid access, when needed.

Which Amazon S3 storage class should a solutions architect recommend?

B. Amazon S3 Standard (S3 Standard)

All Question 86/790


A company is running a multi–tier eCommerce web application in the AWS Cloud. The web application is running on Amazon EC2 instances.

The database tier is on a provisioned Amazon Aurora MySQL DB cluster with a writer and a reader in a Multi-AZ environment.

The new requirement for the database tier is to serve the application to achieve continuous write availability through an instance failover.

What should a solutions architect do to meet this new requirement?

D. Migrate the database tier to an Aurora DB cluster with parallel query enabled.

All Question 87/790


A solutions architect is designing an elastic application that will have between 10 and 50 Amazon EC2 concurrent instances running depending on the load.

Each instance must mount storage that will read and write to the same 50 GB folder.

Which storage type meets the requirements?

B. Amazon Elastic File System (Amazon EFS)

All Question 88/790


A company is deploying a multi–instance application within AWS that requires minimal latency between the instances.

What should a solutions architect recommend?

A. Use an Auto Scaling group with a cluster placement group.

All Question 89/790


A company is deploying a web portal. The company wants to ensure that only the web portion of the application is publicly accessible. To accomplish this, the VPC was designed with two public subnets and two private subnets. The application will run on several Amazon EC2 instances in an Auto Scaling group. SSL termination must be offloaded from the EC2 instances.

What should a solutions architect do to ensure these requirements are met?

C. Configure the Application Load Balancer in the public subnets. Configure the Auto Scaling group in the private subnets and associate it with the Application Load Balancer.

All Question 90/790


A solutions architect is designing a system that will store personally identifiable information (PII) in an Amazon S3 bucket.

Due to compliance and regulatory requirements, both the master keys and the unencrypted data should never be sent to AWS.

Which Amazon S3 encryption technique should the architect choose?

D. Amazon S3 server-side encryption with customer-provided encryption keys (SSE-C)

All Question 91/790


A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees' devices.

The files are stored in an on-premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.

Which solution will meet these requirements?

D. Migrate the files to Amazon S3, and create a public VPC endpoint. Allow employees to sign on with AWS Single Sign-On.

All Question 92/790


A solutions architect must analyze and update a company's existing IAM policies prior to deploying a new workload. The solutions architect created the following policy:

What is the net effect of this policy?

C. Users will be denied all actions except s3:PutObject if multi-factor authentication (MFA) is enabled.

All Question 93/790


A VPC contains multiple subnets, where each subnet can span multiple Availability Zones.

C. This is false.
A VPC can span several Availability Zones. In contrast, a subnet must reside within a single Availability Zone.
References: Amazon VPC FAQs

All Question 94/790


A solutions architect must provide a fully managed replacement for an on-premises solution that allows employees and partners to exchange files. The solution must be easily accessible to employees connecting from on-premises systems, remote employees, and external partners.

Which solution meets these requirements?

B. Use AWS Snowball Edge for local storage and large-scale data transfers

All Question 95/790


An eCommerce company is creating an application that requires a connection to a third–party payment service to process payments. The payment service needs to explicitly allow the public IP address of the server that is making the payment request. However, the company's security policies do not allow any server to be exposed directly to the public internet.

Which solution will meet these requirements?

B. Create a NAT gateway in a public subnet. Host the application servers on Amazon EC2 instances in a private subnet. Route payment requests through the NAT gateway.

All Question 96/790


A company is using Amazon EC2 to run its big data analytics workloads. These variable workloads run each night, and it is critical they finish by the start of business the following day. A solutions architect has been tasked with designing the MOST cost–effective solution.

Which solution will accomplish this?


All Question 97/790


A solutions architect is investigating AWS file storage solutions that can be used with a company's on–premises Linux servers and applications. The company has an existing VPN connection set up between the company's VPC and its on–premises network.

Which AWS services should the solutions architect use? (Select TWO)

A. AWS Backup
E. Amazon Elastic File System (Amazon EFS)

All Question 98/790


A bicycle sharing company is developing a multi–tier architecture to track the location of its bicycles during peak operating hours. The company wants to use these data points in its existing analytics platform. A solutions architect must determine the most viable multi–tier option to support this architecture. The data points must be accessible from the REST API.

Which action meets these requirements for storing and retrieving location data?

B. Use Amazon API Gateway with AWS Lambda.
Keywords: data points in its existing analytics platform + data points must be accessible from the REST API + track the location of its bicycles during peak operating hours.
They already have an analytics platform, so A (Athena) and D (Kinesis Data Analytics) are out of the race, even though S3 and API Gateway support REST APIs. That leaves B and C in the race. C will not support a REST API, so the answer should be B, as per the details below. As for the data type, this is geolocation data for the bicycles. API Gateway supports REST APIs. So the exact solution should be API Gateway with AWS Lambda, along with Amazon Kinesis Data Analytics (assuming it is already in use).
CORRECT: "Use Amazon API Gateway with AWS Lambda" is the correct answer.
INCORRECT: "Use Amazon Athena with Amazon S3" is incorrect as they already have an analytics platform.
INCORRECT: "Use Amazon QuickSight with Amazon Redshift" is incorrect. This does not support a REST API.
INCORRECT: "Use Amazon API Gateway with Amazon Kinesis Data Analytics" is incorrect as they already have an analytics platform.
References: Amazon API Gateway; AWS Lambda; Amazon Kinesis Data Analytics

All Question 99/790


A user is designing a new service that receives location updates from 3 600 rental cars every hour.

The cars upload their location to an Amazon S3 bucket.

Each location must be checked for distance from the original rental location.

Which services will process the updates and automatically scale?

B. Amazon Kinesis Data Firehose and Amazon S3

All Question 100/790


A company requires operating system permission on a relational database server.

What should a solutions architect suggest as a configuration for a highly available database architecture?

A. Multiple Amazon EC2 instances in a database replication configuration that uses two Availability Zones

All Question 101/790


A solutions architect must provide an automated solution for a company's compliance policy that states security groups cannot include a rule that allows SSH from 0.0.0.0/0. The company needs to be notified if there is any breach in the policy. A solution is needed as soon as possible.

What should the solutions architect do to meet these requirements with the LEAST operational overhead?

B. Enable the restricted-ssh AWS Config managed rule and generate an Amazon Simple Notification Service (Amazon SNS) notification when a noncompliant rule is created.

All Question 102/790


A company is experiencing growth as demand for its product has increased. The company's existing purchasing application is slow when traffic spikes. The application is a monolithic three–tier application that uses synchronous transactions and sometimes sees bottlenecks in the application tier. A solutions architect needs to design a solution that can meet required application response times while accounting for traffic volume spikes.

Which solution will meet these requirements?

C. Scale the web and application tiers horizontally using Auto Scaling groups and an Application Load Balancer.
The application uses synchronous transactions: each operation is dependent on the previous one. Using asynchronous Lambda calls may not work here.

All Question 103/790


A company is developing a mobile game that streams score updates to a backend processor and then posts results on a leaderboard. A solutions architect needs to design a solution that can handle large traffic spikes, process the mobile game updates in order of receipt, and store the processed updates in a highly available database. The company also wants to minimize the management overhead required to maintain the solution.

What should the solutions architect do to meet these requirements?

A. Push score updates to Amazon Kinesis Data Streams. Process the updates in Kinesis Data Streams with AWS Lambda. Store the processed updates in Amazon DynamoDB.
Keywords to focus on would be highly available database – DynamoDB would be a better choice for leaderboard.

All Question 104/790


A company is hosting its static website in an Amazon S3 bucket, which is the origin for Amazon CloudFront. The company has users in the United States, Canada, and Europe and wants to reduce.

What should a solutions architect recommend?

C. Modify the CloudFront price class to include only the locations of the countries that are served

All Question 105/790


A company has global users accessing an application deployed in different AWS Regions, exposing public static IP addresses. The users are experiencing poor performance when accessing the application over the internet.

What should a solutions architect recommend to reduce internet latency?

A. Set up AWS Global Accelerator and add endpoints.
AWS Global Accelerator is a service in which you create accelerators to improve availability and performance of your applications for local and global users. Global Accelerator directs traffic to optimal endpoints over the AWS global network. This improves the availability and performance of your internet applications that are used by a global audience. Global Accelerator is a global service that supports endpoints in multiple AWS Regions, which are listed in the AWS Region Table.
By default, Global Accelerator provides you with two static IP addresses that you associate with your accelerator. (Or, instead of using the IP addresses that Global Accelerator provides, you can configure these entry points to be IPv4 addresses from your own IP address ranges that you bring to Global Accelerator.) The static IP addresses are anycast from the AWS edge network and distribute incoming application traffic across multiple endpoint resources in multiple AWS Regions, which increases the availability of your applications. Endpoints can be Network Load Balancers, Application Load Balancers, EC2 instances, or Elastic IP addresses that are located in one AWS Region or multiple Regions.
CORRECT: "Set up AWS Global Accelerator and add endpoints" is the correct answer.
INCORRECT: "Set up AWS Direct Connect locations in multiple Regions" is incorrect as this is used to connect from an on-premises data center to AWS. It does not improve performance for users who are not connected to the on-premises data center.
INCORRECT: "Set up an Amazon CloudFront distribution to access an application" is incorrect as CloudFront cannot expose static public IP addresses.
INCORRECT: "Set up an Amazon Route 53 geoproximity routing policy to route traffic" is incorrect as this does not reduce internet latency as well as using Global Accelerator. GA will direct users to the closest edge location and then use the AWS global network.
References: AWS Global Accelerator > Developer Guide > What is AWS Global Accelerator?

All Question 106/790


A company's security policy requires that all AWS API activity in its AWS accounts be recorded for periodic auditing. The company needs to ensure that AWS CloudTrail is enabled on all of its current and future AWS accounts using AWS Organizations.

Which solution is MOST secure?

D. Add all existing accounts under the organization's root. Define and attach a service control policy (SCP) to every account that prevents users from disabling CloudTrail.

All Question 107/790


A company stores call recordings on a monthly basis. Statistically, the recorded data may be referenced randomly within a year but accessed rarely after 1 year. Files that are newer than 1 year old must be queried and retrieved as quickly as possible. A delay in retrieving older files is acceptable. A solutions architect needs to store the recorded data at a minimal cost.

Which solution is MOST cost–effective?

B. Store individual files in Amazon S3. Use lifecycle policies to move the files to Amazon S3 Glacier after 1 year. Query and retrieve the files from Amazon S3 or S3 Glacier.

All Question 108/790


A company wants to host its web application on AWS using multiple Amazon EC2 instances across different AWS Regions. Since the application content will be specific to each geographic region, the client requests need to be routed to the server that hosts the content for that client's Region.

What should a solutions architect do to accomplish this?

C. Configure Amazon Route 53 with a geolocation routing policy.

All Question 109/790


An administrator of a large company wants to monitor for and prevent any cryptocurrency–related attacks on the company's AWS accounts.

Which AWS service can the administrator use to protect the company against attacks?


All Question 110/790


A company's website provides users with downloadable historical performance reports. The website needs a solution that will scale to meet the company's website demands globally. The solution should be cost effective, limit the provisioning of infrastructure resources, and provide the fastest possible response time.

Which combination should a solutions architect recommend to meet these requirements?

A. Amazon CloudFront and Amazon S3

All Question 111/790


A company's application hosted on Amazon EC2 instances needs to access an Amazon S3 bucket. Due to data sensitivity, traffic cannot traverse the internet.

How should a solutions architect configure access?

B. Configure a VPC gateway endpoint for Amazon S3 in the VPC.

All Question 112/790


A company has an application that calls AWS Lambda functions. A recent code review found database credentials stored in the source code. The database credentials need to be removed from the Lambda source code. The credentials must then be securely stored and rotated on an ongoing basis to meet security policy requirements.

What should a solutions architect recommend to meet these requirements?

B. Store the password in AWS Secrets Manager. Associate the Lambda function with a role that can retrieve the password from Secrets Manager given its secret ID.

All Question 113/790


A company has thousands of files stored in an Amazon S3 bucket that has a well–defined access pattern. The files are accessed by an application multiple times a day for the first 30 days. Files are rarely accessed within the next 90 days. After that, the files are never accessed again. During the first 120 days, accessing these files should never take more than a few seconds.

Which lifecycle policy should be used for the S3 objects to minimize costs based on the access pattern?

B. Use Amazon S3 Standard storage for the first 30 days. Then move the files to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) for the next 90 days. Allow the data to expire after that.
The question states that the data must be accessible within a few seconds during the 120 days.

All Question 114/790


A solutions architect is designing a VPC that requires access to a remote API server using IPv6. Resources within the VPC should not be accessed directly from the internet.

How should this be achieved?

B. Attach an egress-only internet gateway and update the routing tables

All Question 115/790


A company has created a VPC with multiple private subnets in multiple Availability Zones (AZs) and one public subnet in one of the AZs. The public subnet is used to launch a NAT gateway. There are instances in the private subnets that use a NAT gateway to connect to the internet. In case of an AZ failure, the company wants to ensure that the instances are not all experiencing internet connectivity issues and that there is a backup plan ready.

Which solution should a solutions architect recommend that is MOST highly available?

C. Create public subnets in each AZ and launch a NAT gateway in each subnet. Configure the traffic from the private subnets in each AZ to the respective NAT gateway.

All Question 116/790


A company uses Amazon S3 for storing a variety of files.

A solutions architect needs to design a feature that will allow users to instantly restore any deleted files within 30 days of deletion.

Which is the MOST cost–efficient solution?

A. Create lifecycle policies that move the objects to Amazon S3 Glacier and delete them after 30 days

All Question 117/790


Management has decided to deploy all AWS VPCs with IPv6 enabled. After some time, a solutions architect tries to launch a new instance and receives an error stating that there is not enough IP address space available in the subnet.

What should the solutions architect do to fix this?

B. Create a new IPv4 subnet with a larger range, and then launch the instance.
First of all, there is no IPv6-only VPC on AWS. A VPC is always IPv4 enabled, but you can optionally enable IPv6 (dual-stack).
References: Getting started with IPv6 on AWS

All Question 118/790


A company has two VPCs that are located in the us–west–2 Region within the same AWS account. The company needs to allow network traffic between these VPCs. Approximately 500 GB of data transfer will occur between the VPCs each month.

What is the MOST cost–effective solution to connect these VPCs?

C. Set up a VPC peering connection between the VPCs. Update the route tables of each VPC to use the VPC peering connection for inter-VPC communication.

All Question 119/790


A company has thousands of edge devices that collectively generate 1 TB of status alerts each day. Each alert is approximately 2 KB in size. A solutions architect needs to implement a solution to ingest and store the alerts for future analysis.

The company wants a highly available solution. However, the company needs to minimize costs and does not want to manage additional infrastructure. Additionally, the company wants to keep 14 days of data available for immediate analysis and archive any data older than 14 days.

What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts. Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon S3 bucket. Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days.

All Question 120/790


A company has an automobile sales website that stores its listings in a database on Amazon RDS. When an automobile is sold, the listing needs to be removed from the website and the data must be sent to multiple target systems.

Which design should a solutions architect recommend?

A. Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) queue for the targets to consume.
You can use AWS Lambda to process event notifications from an Amazon Relational Database Service (Amazon RDS) database. Amazon RDS sends notifications to an Amazon Simple Notification Service (Amazon SNS) topic, which you can configure to invoke a Lambda function. Amazon SNS wraps the message from Amazon RDS in its own event document and sends it to your function.
References: AWS Lambda > Developer Guide > Using AWS Lambda with Amazon SNS; AWS Compute Blog > Messaging Fanout Pattern for Serverless Architectures Using Amazon SNS

All Question 121/790


A company maintains a searchable repository of items on its website. The data is stored in an Amazon RDS for MySQL database table that contains over 10 million rows. The database has 2 TB of General Purpose SSD (gp2) storage. There are millions of updates against this data every day through the company's website. The company has noticed some operations are taking 10 seconds or longer, and has determined that the database storage performance is a bottleneck.

Which solution addresses the performance issues?

A. Change the storage type to Provisioned IOPS SSD (io1).

All Question 122/790


An application is running on Amazon EC2 instances. Sensitive information required for the application is stored in an Amazon S3 bucket. The bucket needs to be protected from internet access while only allowing services within the VPC access to the bucket.

Which combination of actions should a solutions architect take to accomplish this? (Choose two.)

A. Create a VPC endpoint for Amazon S3.
C. Apply a bucket policy to restrict access to the S3 endpoint.
An ACL is a property at the object level, not at the bucket level. Also, just adding an ACL does not let the services in the VPC access the bucket.

All Question 123/790


A company runs an application that uses multiple Amazon EC2 instances to gather data from its users. The data is then processed and transferred to Amazon S3 for long–term storage. A review of the application shows that there were long periods of time when the EC2 instances were not being used. A solutions architect needs to design a solution that optimizes utilization and reduces costs.

Which solution meets these requirements?

D. Redesign the application to use an event-driven design with Amazon Simple Queue Service (Amazon SQS) and AWS Lambda.

All Question 124/790


A user wants to list the IAM role that is attached to their Amazon EC2 instance. The user has login access to the EC2 instance but does not have IAM permissions.

What should a solutions architect do to retrieve this information?

B. Run the following EC2 command curl http://169.254.169.254/latest-/user-data/iam/info

All Question 125/790


A company is moving its legacy workload to the AWS Cloud.

The workload files will be shared, appended, and frequently accessed through Amazon EC2 instances when they are first created.

The files will be accessed occasionally as they age.

What should a solutions architect recommend?

D. Store the data using Amazon S3 with an S3 lifecycle policy enabled to move data to S3 Standard-Infrequent Access (S3 Standard-IA).

All Question 126/790


A company that hosts its web application on AWS wants to ensure all Amazon EC2 instances, Amazon RDS DB instances, and Amazon Redshift clusters are configured with tags. The company wants to minimize the effort of configuring and operating this check.

What should a solutions architect do to accomplish this?

A. Use AWS Config rules to define and detect resources that are not properly tagged.

All Question 127/790


An operations team has a standard that states IAM policies should not be applied directly to users. Some new team members have not been following this standard. The operations manager needs a way to easily identify the users with attached policies.

What should a solutions architect do to accomplish this?

B. Create an AWS Config rule to run daily.
A new AWS Config rule is deployed in the account after you enable AWS Security Hub. The AWS Config rule reacts to resource configuration and compliance changes and sends these change items to AWS CloudWatch. When AWS CloudWatch receives the compliance change, a CloudWatch event rule triggers the AWS Lambda function.

All Question 128/790


A company needs to share an Amazon S3 bucket with an external vendor. The bucket owner must be able to access all objects.

Which action should be taken to share the S3 bucket?

C. Create a bucket policy to require users to grant bucket-owner-full-control when uploading objects.
By default, an S3 object is owned by the AWS account that uploaded it. This is true even when the bucket is owned by another account. To get access to the object, the object owner must explicitly grant you (the bucket owner) access. The object owner can grant the bucket owner full control of the object by updating the access control list (ACL) of the object. The object owner can update the ACL either during a put or copy operation, or after the object is added to the bucket.
Resolution: Add a bucket policy that grants users access to put objects in your bucket only when they grant you (the bucket owner) full control of the object.

All Question 129/790


A company has multiple AWS accounts for various departments. One of the departments wants to share an Amazon S3 bucket with all other departments.

Which solution will require the LEAST amount of effort?

C. Set the S3 bucket policy to allow cross-account access to other departments.
S3 Standard is the best choice in this scenario for a short-term storage solution. In this case the size and number of logs is unknown and it would be difficult to fully assess the access patterns at this stage. Therefore, using S3 Standard is best as it is cost-effective, provides immediate access, and there are no retrieval fees or minimum capacity charge per object. CORRECT: "Amazon S3 Standard" is the correct answer. INCORRECT: "Amazon S3 Intelligent-Tiering" is incorrect as there is an additional fee for using this service and for a short-term requirement it may not be beneficial. INCORRECT: "Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)" is incorrect as this storage class has a minimum capacity charge per object (128 KB) and a per GB retrieval fee. INCORRECT: "Amazon S3 Glacier Deep Archive" is incorrect as this storage class is used for archiving data. There are retrieval fees and it takes hours to retrieve data from an archive. References: Amazon S3 Storage Classes

All Question 130/790


A company's website provides users with downloadable historical performance reports. The website needs a solution that will scale to meet the company's website demands globally. The solution should be cost effective, limit the provisioning of infrastructure resources, and provide the fastest possible response time.

Which combination should a solutions architect recommend to meet these requirements?

A. Amazon CloudFront and Amazon S3

All Question 131/790


A company is investigating potential solutions that would collect, process, and store users' service usage data. The business objective is to create an analytics capability that will enable the company to gather operational insights quickly using standard SQL queries. The solution should be highly available and ensure Atomicity, Consistency, Isolation, and Durability (ACID) compliance in the data tier.

Which solution should a solutions architect recommend?

C. Use a fully managed Amazon RDS for MySQL database in a Multi-AZ design.

All Question 132/790


A user has created an EBS volume with 1000 IOPS. What is the average IOPS that the user will get for most of the year as per the EC2 SLA if the instance is attached to an EBS-optimized instance?

D. 900
As per the AWS SLA, if the instance is attached to an EBS-Optimized instance, then the Provisioned IOPS volumes are designed to deliver within 10% of the provisioned IOPS performance 99.9% of the time in a given year. Thus, if the user has created a volume of 1000 IOPS, the user will get a minimum of 900 IOPS 99.9% of the time in the year. References: Amazon EC2 FAQs

All Question 133/790


A company is running a media store across multiple Amazon EC2 instances distributed across multiple Availability Zones in a single VPC.

The company wants a high–performing solution to share data between all the EC2 instances, and prefers to keep the data within the VPC only.

What should a solutions architect recommend?

D. Configure an Amazon Elastic File System (Amazon EFS) file system and mount it across all instances.

All Question 134/790


A company's website runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The website has a mix of dynamic and static content. Users around the globe are reporting that the website is slow.

Which set of actions will improve website performance for users worldwide?

A. Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53 record to point to the CloudFront distribution.
What Is Amazon CloudFront?

Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

Routing Traffic to an Amazon CloudFront web distribution by using your domain name

If you want to speed up delivery of your web content, you can use Amazon CloudFront, the AWS content delivery network (CDN). CloudFront can deliver your entire website, including dynamic, static, streaming, and interactive content, by using a global network of edge locations. Requests for your content are automatically routed to the edge location that gives your users the lowest latency. To use CloudFront to distribute your content, you create a web distribution and specify settings such as the Amazon S3 bucket or HTTP server that you want CloudFront to get your content from, whether you want only selected users to have access to your content, and whether you want to require users to use HTTPS.

When you create a web distribution, CloudFront assigns a domain name to the distribution, such as d111111abcdef8.cloudfront.net. You can use this domain name in the URLs for your content, for example: http://d111111abcdef8.cloudfront.net/logo.jpg

Alternatively, you might prefer to use your own domain name in URLs, for example: http://example.com/logo.jpg

If you want to use your own domain name, use Amazon Route 53 to create an alias record that points to your CloudFront distribution. An alias record is a Route 53 extension to DNS. It's similar to a CNAME record, but you can create an alias record both for the root domain, such as example.com, and for subdomains, such as www.example.com. (You can create CNAME records only for subdomains.) When Route 53 receives a DNS query that matches the name and type of an alias record, Route 53 responds with the domain name that is associated with your distribution.

Amazon CloudFront is a content delivery network (CDN) that improves website performance by caching content at edge locations around the world. It can serve both dynamic and static content. This is the best solution for improving the performance of the website.

CORRECT: "Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53 record to point to the CloudFront distribution" is the correct answer.

INCORRECT: "Create a latency-based Amazon Route 53 record for the ALB. Then launch new EC2 instances with larger instance sizes and register the instances with the ALB" is incorrect. Latency routing routes based on the latency between the client and AWS. There is no mention in the answer about creating the new instances in another region therefore the only advantage is in using larger instance sizes. For a dynamic site this adds complexity in keeping the instances in sync.

INCORRECT: "Launch new EC2 instances hosting the same web application in different Regions closer to the users. Use an AWS Transit Gateway to connect customers to the closest region" is incorrect as Transit Gateway is a service for connecting on-premises networks and VPCs to a single gateway.

INCORRECT: "Migrate the website to an Amazon S3 bucket in the Regions closest to the users. Then create an Amazon Route 53 geolocation record to point to the S3 buckets" is incorrect as with S3 you can only host static websites, not dynamic websites.

References: Amazon CloudFront Dynamic Content Delivery

All Question 135/790


A solutions architect is deploying a distributed database on multiple Amazon EC2 instances. The database stores all data on multiple instances so it can withstand the loss of an instance. The database requires block storage with latency and throughput to support several million transactions per second per server.

Which storage solution should the solutions architect use?

A. Amazon EBS
Amazon Elastic Block Store (EBS) is an easy to use, high performance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction intensive workloads at any scale. A broad range of workloads, such as relational and non-relational databases, enterprise applications, containerized applications, big data analytics engines, file systems, and media workflows are widely deployed on Amazon EBS. References: https://quizform.net/exam/24/learning/14 Amazon Elastic Compute Cloud > User Guide for Linux Instances > Amazon EC2 instance store

All Question 136/790


A solutions architect is planning the deployment of a new static website. The solution must minimize costs and provide at least 99% availability. Which solution meets these requirements?

A. Deploy the application to an Amazon S3 bucket in one AWS Region that has versioning disabled.

All Question 137/790


A solutions architect is designing a solution that requires frequent updates to a website that is hosted on Amazon S3 with versioning enabled. For compliance reasons, the older versions of the objects will not be accessed frequently and will need to be deleted after 2 years.

What should the solutions architect recommend to meet these requirements at the LOWEST cost?

B. Configure an S3 Lifecycle policy to transition older versions of objects to S3 Glacier. Expire the objects after 2 years.

All Question 138/790


A company has a build server that is in an Auto Scaling group and often has multiple Linux instances running.

The build server requires consistent shared NFS storage for jobs and configurations.

Which storage option should a solution architect recommend?

D. Amazon Elastic File System (Amazon EFS)

All Question 139/790


A company allows its developers to attach existing IAM policies to existing IAM roles to enable faster experimentation and agility. However, the security operations team is concerned that the developers could attach the existing administrator policy, which would allow the developers to circumvent any other security policies.

How should a solutions architect address this issue?

D. Set an IAM permissions boundary on the developer IAM role that explicitly denies attaching the administrator policy.
The permissions boundary for an IAM entity (user or role) sets the maximum permissions that the entity can have. This can change the effective permissions for that user or role. The effective permissions for an entity are the permissions that are granted by all the policies that affect the user or role. Within an account, the permissions for an entity can be affected by identity-based policies, resource-based policies, permissions boundaries, Organizations SCPs, or session policies. Therefore, the solutions architect can set an IAM permissions boundary on the developer IAM role that explicitly denies attaching the administrator policy. CORRECT: "Set an IAM permissions boundary on the developer IAM role that explicitly denies attaching the administrator policy" is the correct answer. INCORRECT: "Create an Amazon SNS topic to send an alert every time a developer creates a new policy" is incorrect as this would mean investigating every incident which is not an efficient solution. INCORRECT: "Use service control policies to disable IAM activity across all accounts in the organizational unit" is incorrect as this would prevent the developers from being able to work with IAM completely. INCORRECT: "Prevent the developers from attaching any policies and assign all IAM duties to the security operations team" is incorrect as this is not necessary. The requirement is to allow developers to work with policies, the solution needs to find a secure way of achieving this. References: AWS Identity and Access Management > User Guide > Permissions boundaries for IAM entities

All Question 140/790



Which solution provides the LOWEST data transfer egress cost for the company?

A. Host the visualization tool on premises and query the data warehouse directly over the internet.

All Question 141/790


A company is implementing a data lake solution on Amazon S3. Its security policy mandates that the data stored in Amazon S3 should be encrypted at rest.

Which options can achieve this? (Select TWO.)

B. Use S3 server-side encryption with customer-provided keys (SSE-C).
D. Use client-side encryption before ingesting the data to Amazon S3 using encryption keys.

All Question 142/790


A solutions architect is optimizing a website for an upcoming musical event. Videos of the performances will be streamed in real time and then will be available on demand. The event is expected to attract a global online audience.

Which service will improve the performance of both the real–time and on–demand streaming?

A. Amazon CloudFront

All Question 143/790


A company wants to replicate its data to AWS to recover in the event of a disaster. Today, a system administrator has scripts that copy data to an NFS share. Individual backup files need to be accessed with low latency by application administrators to deal with errors in processing.

What should a solutions architect recommend to meet these requirements?

D. Modify the script to copy data to an AWS Storage Gateway for File Gateway virtual appliance instead of the on-premises NFS share.

All Question 144/790


A company hosts an application used to upload files to an Amazon S3 bucket. Once uploaded, the files are processed to extract metadata, which takes less than 5 seconds. The volume and frequency of the uploads varies from a few files each hour to hundreds of concurrent uploads. The company has asked a solutions architect to design a cost–effective architecture that will meet these requirements.

What should the solutions architect recommend?

B. Configure an object-created event notification within the S3 bucket to invoke an AWS Lambda function to process the files.

All Question 145/790


A solutions architect at an eCommerce company wants to back up application log data to Amazon S3. The solutions architect is unsure how frequently the logs will be accessed or which logs will be accessed the most. The company wants to keep costs as low as possible by using the appropriate S3 storage class.

Which S3 storage class should be implemented to meet these requirements?

B. S3 Intelligent-Tiering
S3 Intelligent-Tiering is a new Amazon S3 storage class designed for customers who want to optimize storage costs automatically when data access patterns change, without performance impact or operational overhead. S3 Intelligent-Tiering is the first cloud object storage class that delivers automatic cost savings by moving data between two access tiers – frequent access and infrequent access – when access patterns change, and is ideal for data with unknown or changing access patterns. S3 Intelligent-Tiering stores objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access. For a small monthly monitoring and automation fee per object, S3 Intelligent-Tiering monitors access patterns and moves objects that have not been accessed for 30 consecutive days to the infrequent access tier. There are no retrieval fees in S3 Intelligent-Tiering. If an object in the infrequent access tier is accessed later, it is automatically moved back to the frequent access tier. No additional tiering fees apply when objects are moved between access tiers within the S3 Intelligent-Tiering storage class. S3 Intelligent-Tiering is designed for 99.9% availability and 99.999999999% durability, and offers the same low latency and high throughput performance of S3 Standard.

All Question 146/790


A development team runs monthly resource-intensive tests on its general purpose Amazon RDS for MySQL DB instance with Performance Insights enabled. The testing lasts for 48 hours once a month and is the only process that uses the database. The team wants to reduce the cost of running the tests without reducing the compute and memory attributes of the DB instance.

Which solution meets these requirements MOST cost–effectively?

C. Create a snapshot when tests are completed. Terminate the DB instance and restore the snapshot when required.

All Question 147/790


A company hosts its product information webpages on AWS. The existing solution uses multiple Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group. The website also uses a custom DNS name and communicates with HTTPS only using a dedicated SSL certificate. The company is planning a new product launch and wants to be sure that users from around the world have the best possible experience on the new website.

What should a solutions architect do to meet these requirements?

A. Redesign the application to use Amazon CloudFront.
What Is Amazon CloudFront? Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance. If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately. If the content is not in that edge location, CloudFront retrieves it from an origin that you've defined – such as an Amazon S3 bucket, a MediaPackage channel, or an HTTP server (for example, a web server) that you have identified as the source for the definitive version of your content. As an example, suppose that you're serving an image from a traditional web server, not from CloudFront. For example, you might serve an image, sunsetphoto.png, using the URL http://example.com/sunsetphoto.png. Your users can easily navigate to this URL and see the image. But they probably don't know that their request was routed from one network to another – through the complex collection of interconnected networks that comprise the internet – until the image was found. CloudFront speeds up the distribution of your content by routing each user request through the AWS backbone network to the edge location that can best serve your content. Typically, this is a CloudFront edge server that provides the fastest delivery to the viewer. Using the AWS network dramatically reduces the number of networks that your users' requests must pass through, which improves performance. Users get lower latency – the time it takes to load the first byte of the file – and higher data transfer rates. 
You also get increased reliability and availability because copies of your files (also known as objects) are now held (or cached) in multiple edge locations around the world.

All Question 148/790


An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table.

What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?

A. Use a VPC endpoint for DynamoDB

All Question 149/790


A company has an Amazon S3 bucket that contains mission–critical data. The company wants to ensure this data is protected from accidental deletion. The data should still be accessible, and a user should be able to delete the data intentionally.

Which combination of steps should a solutions architect take to accomplish this? (Choose two.)

A. Enable versioning on the S3 bucket.
B. Enable MFA Delete on the S3 bucket.

All Question 150/790


A company is launching an eCommerce website on AWS. This website is built with a three-tier architecture that includes a MySQL database in a Multi-AZ deployment of Amazon Aurora MySQL. The website application must be highly available and will initially be launched in an AWS Region with three Availability Zones. The application produces a metric that describes the load the application experiences.

Which solution meets these requirements?

B. Configure an Application Load Balancer (ALB) and Amazon EC2 Auto Scaling behind the ALB with a simple scaling policy.

All Question 151/790


A company has an application that ingests incoming messages. These messages are then quickly consumed by dozens of other applications and microservices. The number of messages varies drastically and sometimes spikes as high as 100,000 each second. The company wants to decouple the solution and increase scalability.

Which solution meets these requirements?

D. Publish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with one or more Amazon Simple Queue Service (Amazon SQS) subscriptions. All applications then process the messages from the queues.
Q: How large can Amazon SQS message queues be? A single Amazon SQS message queue can contain an unlimited number of messages. However, there is a 120,000 quota for the number of inflight messages for a standard queue and 20,000 for a FIFO queue. Messages are inflight after they have been received from the queue by a consuming component, but have not yet been deleted from the queue. References: Amazon SQS FAQs

All Question 152/790


A company has many applications on Amazon EC2 instances running in Auto Scaling groups. Company policy requires that the data on the attached Amazon Elastic Block Store (Amazon EBS) volumes be retained.

Which action will meet these requirements without impacting performance?

B. Disable the DeleteOnTermination attribute for the Amazon EBS volumes.

All Question 153/790


A company has a build server that is in an Auto Scaling group and often has multiple Linux instances running. The build server requires consistent and mountable shared NFS storage for jobs and configurations.

Which storage option should a solutions architect recommend?

D. Amazon Elastic File System (Amazon EFS)

All Question 154/790


A company's web application is using multiple Linux Amazon EC2 instances and storing data on Amazon EBS volumes. The company is looking for a solution to increase the resiliency of the application in case of a failure and to provide storage that complies with atomicity, consistency, isolation, and durability (ACID).

What should a solutions architect do to meet these requirements?

C. Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Store data on Amazon EFS and mount a target on each instance.
How Amazon EFS Works with Amazon EC2

The following illustration shows an example VPC accessing an Amazon EFS file system. Here, EC2 instances in the VPC have file systems mounted. In this illustration, the VPC has three Availability Zones, and each has one mount target created in it. We recommend that you access the file system from a mount target within the same Availability Zone. One of the Availability Zones has two subnets. However, a mount target is created in only one of the subnets.

Benefits of Auto Scaling

Better fault tolerance. Amazon EC2 Auto Scaling can detect when an instance is unhealthy, terminate it, and launch an instance to replace it. You can also configure Amazon EC2 Auto Scaling to use multiple Availability Zones. If one Availability Zone becomes unavailable, Amazon EC2 Auto Scaling can launch instances in another one to compensate.

Better availability. Amazon EC2 Auto Scaling helps ensure that your application always has the right amount of capacity to handle the current traffic demand.

Better cost management. Amazon EC2 Auto Scaling can dynamically increase and decrease capacity as needed. Because you pay for the EC2 instances you use, you save money by launching instances when they are needed and terminating them when they aren't.

To increase the resiliency of the application the solutions architect can use Auto Scaling groups to launch and terminate instances across multiple availability zones based on demand. An application load balancer (ALB) can be used to direct traffic to the web application running on the EC2 instances. Lastly, the Amazon Elastic File System (EFS) can assist with increasing the resilience of the application by providing a shared file system that can be mounted by multiple EC2 instances from multiple availability zones.

CORRECT: "Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Store data on Amazon EFS and mount a target on each instance" is the correct answer.
INCORRECT: "Launch the application on EC2 instances in each Availability Zone. Attach EBS volumes to each EC2 instance" is incorrect as the EBS volumes are single points of failure which are not shared with other instances. INCORRECT: "Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Mount an instance store on each EC2 instance" is incorrect as instance stores are ephemeral data stores which means data is lost when powered down. Also, instance stores cannot be shared between instances. INCORRECT: "Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Store data using Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)" is incorrect as there are data retrieval charges associated with this S3 tier. It is not a suitable storage tier for application files. References: Amazon Elastic File System Documentation

All Question 155/790


A company needs to implement a relational database with a multi–Region disaster recovery Recovery Point Objective (RPO) of 1 second and a Recovery Time Objective (RTO) of 1 minute.

Which AWS solution can achieve this?

A. Amazon Aurora Global Database
Cross-Region Disaster Recovery: If your primary region suffers a performance degradation or outage, you can promote one of the secondary regions to take read/write responsibilities. An Aurora cluster can recover in less than 1 minute even in the event of a complete regional outage. This provides your application with an effective Recovery Point Objective (RPO) of 1 second and a Recovery Time Objective (RTO) of less than 1 minute, providing a strong foundation for a global business continuity plan.

All Question 156/790


A company uses an Amazon S3 bucket as its data lake storage platform.

The S3 bucket contains a massive amount of data that is accessed randomly by multiple teams and hundreds of applications.

The company wants to reduce the S3 storage costs and provide immediate availability for frequently accessed objects.

What is the MOST operationally efficient solution that meets these requirements?

A. Create an S3 Lifecycle rule to transition objects to the S3 Intelligent-Tiering storage class

All Question 157/790


A company runs an application in the AWS Cloud and uses Amazon DynamoDB as the database. The company deploys Amazon EC2 instances to a private network to process data from the database.


A solutions architect must implement a solution that provides connectivity to DynamoDB and that does not require ongoing management.

What is the MOST cost–effective solution that meets these requirements?

A. Create a gateway VPC endpoint to provide connectivity to DynamoDB

All Question 158/790


A company is running its application in a single region on Amazon EC2 with Amazon Elastic Block Store (Amazon EBS) and S3 as part of the storage design.

What should be done to reduce data transfer costs?

C. Create an Amazon CloudFront distribution with Amazon S3 as the origin

All Question 159/790


A company stores user data in AWS. The data is used continuously with peak usage during business hours. Access patterns vary, with some data not being used for months at a time. A solutions architect must choose a cost–effective solution that maintains the highest level of durability while maintaining high availability.

Which storage solution meets these requirements?

B. Amazon S3 Intelligent-Tiering

All Question 160/790


A company's website is using an Amazon RDS MySQL Multi–AZ DB instance for its transactional data storage. There are other internal systems that query this DB instance to fetch data for internal batch processing. The RDS DB instance slows down significantly when the internal systems fetch data. This impacts the website's read and write performance, and the users experience slow response times.

Which solution will improve the website's performance?

D. Add a read replica to the RDS DB instance and configure the internal systems to query the read replica.
Amazon RDS Read Replicas: Enhanced performance

You can reduce the load on your source DB instance by routing read queries from your applications to the read replica. Read replicas allow you to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. Because read replicas can be promoted to master status, they are useful as part of a sharding implementation. To further maximize read performance, Amazon RDS for MySQL allows you to add table indexes directly to Read Replicas, without those indexes being present on the master.

All Question 161/790


A company has an AWS Direct Connect connection from its corporate data center to its VPC in the us-east-1 Region.

The company recently acquired a corporation that has several VPCs and a Direct Connect connection between its on-premises data center and the eu-west-2 Region.

The CIDR blocks for the VPCs of the company and the corporation do not overlap. The company requires connectivity between two Regions and the data centers.

The company needs a solution that is scalable while reducing operational overhead. What should a solutions architect do to meet these requirements?

D. Connect the existing Direct Connect connection to a Direct Connect gateway. Route traffic from the virtual private gateways of the VPCs in each Region to the Direct Connect gateway.

All Question 162/790


A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods for IAM user passwords. What should the solutions architect do to accomplish this?

A. Set an overall password policy for the entire AWS account

All Question 163/790


A company hosts its core network services, including directory services and DNS, in its on–premises data center. The data center is connected to the AWS Cloud using AWS Direct Connect (DX). Additional AWS accounts are planned that will require quick, cost–effective, and consistent access to these network services.

What should a solutions architect implement to meet these requirements with the LEAST amount of operational overhead?

D. Configure AWS Transit Gateway between the accounts. Assign DX to the transit gateway and route network traffic to the on-premises servers.

All Question 164/790


A solutions architect has configured the following IAM policy.
Which action will be allowed by the policy?

D. An AWS Lambda function can be deleted from the 220.100.16.0/20 network
All Home

All Question 165/790


A client needs you to import some existing infrastructure from a dedicated hosting provider to AWS to try and save on the cost of running his current website. He also needs an automated process that manages backups, software patching, automatic failure detection, and recovery. You are aware that his existing setup currently uses an Oracle database.

Which of the following AWS databases would be best for accomplishing this task?

A. Amazon RDS
Amazon RDS gives you access to the capabilities of a familiar MySQL, Oracle, SQL Server, or PostgreSQL database engine. This means that the code, applications, and tools you already use today with your existing databases can be used with Amazon RDS. Amazon RDS automatically patches the database software and backs up your database, storing the backups for a user-defined retention period and enabling point-in-time recovery. References: Amazon Relational Database Service > User Guide > What is Amazon Relational Database Service (Amazon RDS)?

All Question 166/790


A company wants to use Amazon S3 for the secondary copy of its on-premises dataset. The company would rarely need to access this copy. The storage solution's cost should be minimal.

Which storage solution meets these requirements?

D. S3 One Zone-Infrequent Access (S3 One Zone-IA)

All Question 167/790


A company stores 200 GB of data each month in Amazon S3. The company needs to perform analytics on this data at the end of each month to determine the number of items sold in each sales region for the previous month.

Which analytics strategy is MOST cost-effective for the company to use?

A. Create an Amazon Elasticsearch Service (Amazon ES) cluster. Query the data in Amazon ES. Visualize the data by using Kibana.

All Question 168/790


Application developers have noticed that a production application is very slow when business reporting users run large production reports against the Amazon RDS instance backing the application. The CPU and memory utilization metrics for the RDS instance do not exceed 60% while the reporting queries are running. The business reporting users must be able to generate reports without affecting the application's performance.

Which action will accomplish this?

D. Create a read replica and connect the business reports to it.

All Question 169/790


A company hosts its multi-tier applications on AWS.

For compliance, governance, auditing, and security, the company must track configuration changes on its AWS resources and record a history of API calls made to these resources.

What should a solutions architect do to meet these requirements?

B. Use AWS Config to track configuration changes and AWS CloudTrail to record API calls

All Question 170/790


A company runs a web service on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across two Availability Zones. The company needs a minimum of four instances at all times to meet the required service level agreement (SLA) while keeping costs low.

If an Availability Zone fails, how can the company remain compliant with the SLA?

A. Add a target tracking scaling policy with a short cooldown period.

All Question 171/790


A company is using a third-party vendor to manage its marketplace analytics. The vendor needs limited programmatic access to resources in the company's account. All the needed policies have been created to grant appropriate access.

Which additional component will provide the vendor with the MOST secure access to the account?

B. Implement a service control policy (SCP)

All Question 172/790


A financial company operates its production AWS environment in the us-east-1 Region and uses Amazon Elastic Block Store (Amazon EBS) snapshots to back up its instances.

To meet a compliance requirement, the company must maintain a secondary copy of all critical data at least 100 miles (160.9 km) away from its primary location.

What is the MOST cost-effective way for the company to meet this requirement?

C. Replicate the EBS snapshots to us-west-1.

All Question 173/790


A company creates business-critical 3D images every night. The images are batch-processed every Friday and require an uninterrupted 48 hours to complete.

What is the MOST cost-effective Amazon EC2 pricing model for this scenario?

B. Scheduled Reserved Instances
Scheduled Reserved Instances (Scheduled Instances) enable you to purchase capacity reservations that recur on a daily, weekly, or monthly basis, with a specified start time and duration, for a one-year term. You reserve the capacity in advance, so that you know it is available when you need it. You pay for the time that the instances are scheduled, even if you do not use them. Scheduled Instances are a good choice for workloads that do not run continuously, but do run on a regular schedule. For example, you can use Scheduled Instances for an application that runs during business hours or for batch processing that runs at the end of the week.
CORRECT: "Scheduled Reserved Instances" is the correct answer.
INCORRECT: "Standard Reserved Instances" is incorrect as the workload only runs for 4 hours a day; this would be more expensive.
INCORRECT: "On-Demand Instances" is incorrect as this would be much more expensive as there is no discount applied.
INCORRECT: "Spot Instances" is incorrect as the workload cannot be interrupted once started. With Spot Instances, workloads can be terminated if the Spot price changes or capacity is required.
References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Scheduled Reserved Instances

All Question 174/790


A company is running an application on Amazon EC2 instances hosted in a private subnet of a VPC.

The EC2 instances are configured in an Auto Scaling group behind an Elastic Load Balancer (ELB).

The EC2 instances use a NAT gateway for outbound internet access.

However, the EC2 instances are not able to connect to the public internet to download software updates.

What are the possible root causes of this issue? (Select TWO)

B. The route tables in the VPC are configured incorrectly.
E. The outbound rules on the security group attached to the EC2 instances are configured incorrectly.

All Question 175/790


A solutions architect observes that a nightly batch processing job is automatically scaled up for 1 hour before the desired Amazon EC2 capacity is reached. The peak capacity is the same every night and the batch jobs always start at 1 AM. The solutions architect needs to find a cost-effective solution that will allow for the desired EC2 capacity to be reached quickly and allow the Auto Scaling group to scale down after the batch jobs are complete.

What should the solutions architect do to meet these requirements?

C. Configure scheduled scaling to scale up to the desired compute level.

All Question 176/790


A company wants to move its on-premises network-attached storage (NAS) to AWS. The company wants to make the data available to any Linux instances within its VPC and ensure changes are automatically synchronized across all instances accessing the data store. The majority of the data is accessed very rarely, and some files are accessed by multiple users at the same time.
Which solution meets these requirements and is MOST cost-effective?

D. Create an Amazon Elastic File System (Amazon EFS) file system within the VPC. Set the lifecycle policy to transition the data to EFS Infrequent Access (EFS IA) after the appropriate number of days.

All Question 177/790



Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)

A. Replace the current security group of the bastion host with one that only allows inbound access from the application instances.
C. Replace the current security group of the bastion host with one that only allows inbound access from the external IP range for the company.

All Question 178/790


An application team has started using Amazon EMR to run batch jobs using datasets located in Amazon S3.

During the initial testing of the workload, a solutions architect notices that the account is starting to accrue NAT gateway data processing costs.

How can the team optimize the cost of the workload?

A. Detach the NAT gateway from the subnet where the Amazon EMR clusters are running

All Question 179/790


A media company stores video content in an Amazon Elastic Block Store (Amazon EBS) volume. A certain video file has become popular and a large number of users across the world are accessing this content.

This has resulted in a cost increase.

Which action will DECREASE cost without compromising user accessibility?

B. Store the video in an Amazon S3 bucket and create an Amazon CloudFront distribution.

All Question 180/790


A company wants to create an application that will transmit protected health information (PHI) to thousands of service consumers in different AWS accounts.

The application servers will sit in private VPC subnets. The routing for the application must be fault tolerant.

What should be done to meet these requirements?

A. Create a VPC endpoint service and grant permissions to specific service consumers to create a connection

All Question 181/790


A company uses Amazon S3 as its object storage solution. The company has thousands of S3 buckets it uses to store data. Some of the S3 buckets have data that is accessed less frequently than others. A solutions architect found that lifecycle policies are not consistently implemented or are implemented partially, resulting in data being stored in high-cost storage.

Which solution will lower costs without compromising the availability of objects?

C. Use S3 Intelligent-Tiering storage.

All Question 182/790


A company hosts its multi-tier public web application in the AWS Cloud. The web application runs on Amazon EC2 instances and its database runs on Amazon RDS. The company is anticipating a large increase in sales during an upcoming holiday weekend. A solutions architect needs to build a solution to analyze the performance of the web application with a granularity of no more than 2 minutes.

What should the solutions architect do to meet this requirement?

B. Enable detailed monitoring on all EC2 instances. Use Amazon CloudWatch metrics to perform further analysis.

All Question 183/790


A solutions architect is designing a new API using Amazon API Gateway that will receive requests from users. The volume of requests is highly variable; several hours can pass without receiving a single request.

The data processing will take place asynchronously, but should be completed within a few seconds after a request is made.

Which compute service should the solutions architect have the API invoke to deliver the requirements at the lowest cost?

B. An AWS Lambda function

All Question 184/790


A company runs a static website through its on-premises data center. The company has multiple servers that handle all of its traffic, but on busy days, services are interrupted and the website becomes unavailable.

The company wants to expand its presence globally and plans to triple its website traffic.

What should a solutions architect recommend to meet these requirements?

D. Use Amazon Route 53 to distribute the loads across multiple Amazon CloudFront distributions for each AWS Region that exists globally.

All Question 185/790


A start-up company has a web application based in the us-east-1 Region with multiple Amazon EC2 instances running behind an Application Load Balancer across multiple Availability Zones. As the company's user base grows in the us-west-1 Region, it needs a solution with low latency and high availability.

What should a solutions architect do to accomplish this?

C. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load balancer endpoints in both Regions.
ELB provides load balancing within one Region, AWS Global Accelerator provides traffic management across multiple Regions […] AWS Global Accelerator complements ELB by extending these capabilities beyond a single AWS Region, allowing you to provision a global interface for your applications in any number of Regions. If you have workloads that cater to a global client base, we recommend that you use AWS Global Accelerator. If you have workloads hosted in a single AWS Region and used by clients in and around the same Region, you can use an Application Load Balancer or Network Load Balancer to manage your resources. References: AWS Global Accelerator FAQs

All Question 186/790


Amazon EBS provides the ability to create backups of any Amazon EC2 volume into what is known as ________ .

A. snapshots
Amazon allows you to make backups of the data stored in your EBS volumes through snapshots that can later be used to create a new EBS volume. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Storage

All Question 187/790


A solutions architect is creating a data processing job that runs once daily and can take up to 2 hours to complete. If the job is interrupted, it has to restart from the beginning.

How should the solutions architect address this issue in the MOST cost-effective manner?

C. Use an Amazon Elastic Container Service (Amazon ECS) Fargate task triggered by an Amazon EventBridge (Amazon CloudWatch Events) scheduled event.

All Question 188/790


As part of budget planning, management wants a report of AWS billed items listed by user. The data will be used to create department budgets. A solutions architect needs to determine the most efficient way to obtain this report information.

Which solution meets these requirements?

B. Create a report in Cost Explorer and download the report.

All Question 189/790


A company runs an application on Amazon EC2 instances. The application is deployed in private subnets in three Availability Zones of the us-east-1 Region. The instances must be able to connect to the internet to download files. The company wants a design that is highly available across the Region.

Which solution should be implemented to ensure that there are no disruptions to internet connectivity?

B. Deploy a NAT gateway in a public subnet of each Availability Zone.

All Question 190/790


A company has 700 TB of backup data stored in network attached storage (NAS) in its data center. This backup data needs to be accessible for infrequent regulatory requests and must be retained for 7 years. The company has decided to migrate this backup data from its data center to AWS. The migration must be complete within 1 month. The company has 500 Mbps of dedicated bandwidth on its public internet connection available for data transfer.

What should a solutions architect do to migrate and store the data at the LOWEST cost?

A. Order AWS Snowball devices to transfer the data. Use a lifecycle policy to transition the files to Amazon S3 Glacier Deep Archive.

All Question 191/790


A financial services company has a web application that serves users in the United States and Europe. The application consists of a database tier and a web server tier. The database tier consists of a MySQL database hosted in us-east-1. Amazon Route 53 geoproximity routing is used to direct traffic to instances in the closest Region. A performance review of the system reveals that European users are not receiving the same level of query performance as those in the United States.

Which changes should be made to the database tier to improve performance?

D. Migrate the database to an Amazon Aurora global database in MySQL compatibility mode. Configure read replicas in one of the European Regions.
The issue here is latency with read queries being directed from Australia to UK which is a great physical distance. A solution is required for improving read performance in Australia. An Aurora global database consists of one primary AWS Region where your data is mastered, and up to five read-only, secondary AWS Regions. Aurora replicates data to the secondary AWS Regions with typical latency of under a second. You issue write operations directly to the primary DB instance in the primary AWS Region. This solution will provide better performance for users in the Australia Region for queries. Writes must still take place in the UK Region but read performance will be greatly improved.
CORRECT: "Migrate the database to an Amazon Aurora global database in MySQL compatibility mode. Configure read replicas in ap-southeast-2" is the correct answer.
INCORRECT: "Migrate the database to Amazon RDS for MySQL. Configure Multi-AZ in the Australian Region" is incorrect. The database is located in UK. If the database is migrated to Australia then the reverse problem will occur. Multi-AZ does not assist with improving query performance across Regions.
INCORRECT: "Migrate the database to Amazon DynamoDB. Use DynamoDB global tables to enable replication to additional Regions" is incorrect as a relational database running on MySQL is unlikely to be compatible with DynamoDB.
INCORRECT: "Deploy MySQL instances in each Region. Deploy an Application Load Balancer in front of MySQL to reduce the load on the primary instance" is incorrect as you can only put ALBs in front of the web tier, not the DB tier.
References: Amazon Aurora > User Guide for Aurora > Using Amazon Aurora global databases

All Question 192/790


A company is using Amazon RDS for MySQL. The company's disaster recovery requirements state that a near real-time replica of the database must be maintained on-premises.

The company wants the data to be encrypted in transit. Which solution meets these requirements?

D. Use the Amazon RDS Multi-AZ feature. Choose on-premises as the failover Availability Zone over an IPsec VPN on top of an AWS Direct Connect connection.

All Question 193/790


A company has several Amazon EC2 instances set up in a private subnet for security reasons. These instances host applications that read and write large amounts of data to and from Amazon S3 regularly.

Currently, subnet routing directs all the traffic destined for the internet through a NAT gateway. The company wants to optimize the overall cost without impacting the ability of the application to communicate with Amazon S3 or the outside internet.

What should a solutions architect do to optimize costs?

C. Create a VPC endpoint for Amazon S3. Attach an endpoint policy to the endpoint. Update the route table to direct traffic to the VPC endpoint.

All Question 194/790


A company needs a secure connection between its on-premises environment and AWS. This connection does not need high bandwidth and will handle a small amount of traffic. The connection should be set up quickly.

What is the MOST cost-effective method to establish this type of connection?

D. Implement an AWS Site-to-Site VPN connection.

All Question 195/790


A company's cloud operations team wants to standardize resource remediation.

The company wants to provide a standard set of governance evaluations and remediations to all member accounts in its organization in AWS Organizations.

Which self-managed AWS service can the company use to meet these requirements with the LEAST amount of operational effort?

A. AWS Security Hub compliance standards

All Question 196/790


A company must re-evaluate its need for the Amazon EC2 instances it currently has provisioned in an Auto Scaling group. At present, the Auto Scaling group is configured for a minimum of two instances and a maximum of four instances across two Availability Zones. A solutions architect reviewed Amazon CloudWatch metrics and found that CPU utilization is consistently low for all the EC2 instances.

What should the solutions architect recommend to maximize utilization while ensuring the application remains fault-tolerant?

D. Create a new launch configuration that uses smaller instance types. Update the existing Auto Scaling group.
As the Launch Configuration can't be modified once created, the only way to update the Launch Configuration for an Auto Scaling group is to create a new one and associate it with the Auto Scaling group.

All Question 197/790


A company is hosting a web application on AWS using a single Amazon EC2 instance that stores user uploaded documents in an Amazon EBS volume. For better scalability and availability, the company duplicated the architecture and created a second EC2 instance and EBS volume in another Availability Zone, placing both behind an Application Load Balancer. After completing this change, users reported that each time they refreshed the website, they could see one subset of their documents or the other, but never all of the documents at the same time.

What should a solutions architect propose to ensure users see all of their documents at once?

C. Copy the data from both EBS volumes to Amazon EFS. Modify the application to save new documents to Amazon EFS.
Amazon EFS provides file storage in the AWS Cloud. With Amazon EFS, you can create a file system, mount the file system on an Amazon EC2 instance, and then read and write data to and from your file system. You can mount an Amazon EFS file system in your VPC, through the Network File System versions 4.0 and 4.1 (NFSv4) protocol. We recommend using a current generation Linux NFSv4.1 client, such as those found in the latest Amazon Linux, Redhat, and Ubuntu AMIs, in conjunction with the Amazon EFS Mount Helper. For instructions, see Using the amazon-efs-utils Tools. For a list of Amazon EC2 Linux Amazon Machine Images (AMIs) that support this protocol, see NFS Support. For some AMIs, you'll need to install an NFS client to mount your file system on your Amazon EC2 instance. For instructions, see Installing the NFS Client. You can access your Amazon EFS file system concurrently from multiple NFS clients, so applications that scale beyond a single connection can access a file system. Amazon EC2 instances running in multiple Availability Zones within the same AWS Region can access the file system, so that many users can access and share a common data source. How Amazon EFS Works with Amazon EC2

All Question 198/790


A company wants to migrate its 1 PB on-premises image repository to AWS.

The images will be used by a serverless web application. Images stored in the repository are rarely accessed, but they must be immediately available. Additionally, the images must be encrypted at rest and protected from accidental deletion.

Which solution meets these requirements?

B. Store the images in an Amazon S3 bucket in the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Enable versioning, default encryption, and MFA Delete on the S3 bucket.

All Question 199/790


A company has a 143 TB MySQL database that it wants to migrate to AWS. The plan is to use Amazon Aurora MySQL as the platform going forward. The company has a 100 Mbps AWS Direct Connect connection to Amazon VPC.

Which solution meets the company's needs and takes the LEAST amount of time?

D. Order four 50-TB AWS Snowball devices and copy the database backup onto them. Have AWS import the data into Amazon S3. Import the data into Aurora.

All Question 200/790


A company that operates a web application on-premises is preparing to launch a newer version of the application on AWS. The company needs to route requests to either the AWS-hosted or the on-premises-hosted application based on the URL query string.

The on-premises application is not available from the internet, and a VPN connection is established between Amazon VPC and the company's data center. The company wants to use an Application Load Balancer (ALB) for this launch.

Which solution meets these requirements?

C. Use one ALB with two target groups: one for the AWS resource and one for on-premises. Add hosts to each target group of the ALB. Configure listener rules based on the URL query string.
The host-based routing feature allows you to write rules that use the Host header to route traffic to the desired target group. Today we are extending and generalizing this feature, giving you the ability to write rules (and route traffic) based on standard and custom HTTP headers and methods, the query string, and the source IP address. References: AWS News Blog > New – Advanced Request Routing for AWS Application Load Balancers

All Question 201/790


A company runs an online media site, hosted on-premises. An employee posted a product review that contained videos and pictures. The review went viral and the company needs to handle the resulting spike in website traffic.

What action would provide an immediate solution?

C. Serve the images and videos using an Amazon CloudFront distribution created using the news site as the origin

All Question 202/790


A company stores project information in a shared spreadsheet. The company wants to create a web application to replace the spreadsheet. The company has chosen Amazon DynamoDB to store the spreadsheet's data and is designing the web application to display the project information that is obtained from DynamoDB.

A solutions architect must design the web application's backend by using managed services that require minimal operational maintenance.

Which architectures meet these requirements? (Select TWO.)

A. An Amazon API Gateway REST API accesses the project information that is in DynamoDB.
E. An Elastic Load Balancer forwards requests to a target group of Amazon EC2 instances. The EC2 instances run an application that accesses DynamoDB.

All Question 203/790


Your supervisor has asked you to build a simple file synchronization service for your department. He doesn't want to spend too much money and he wants to be notified of any changes to files by email.

What do you think would be the best Amazon service to use for the email solution?

A. Amazon SES
File change notifications can be sent via email to users following the resource with Amazon Simple Email Service (Amazon SES), an easy-to-use, cost-effective email solution. References: AWS File Synchronization Service

All Question 204/790


A company is seeing access requests by some suspicious IP addresses. The security team discovers the requests are from different IP addresses under the same CIDR range.

What should a solutions architect recommend to the team?

C. Add a deny rule in the inbound table of the network ACL with a lower rule number than other rules.

All Question 205/790


A company has an application that posts messages to Amazon SQS. Another application polls the queue and processes the messages in an I/O-intensive operation. The company has a service level agreement (SLA) that specifies the maximum amount of time that can elapse between receiving the messages and responding to the users. Due to an increase in the number of messages, the company has difficulty meeting its SLA consistently.

What should a solutions architect do to help improve the application's processing time and ensure it can handle the load at any level?

D. Create an Amazon Machine Image (AMI) from the instance used for processing. Create an Auto Scaling group using this image in its launch configuration. Configure the group with a target tracking policy based on the age of the oldest message in the SQS queue.

All Question 206/790


After setting up a Virtual Private Cloud (VPC) network, a more experienced cloud engineer suggests that to achieve low network latency and high network throughput you should look into setting up a placement group. You know nothing about this, but begin to do some research about it and are especially curious about its limitations.

Which of the below statements is wrong in describing the limitations of a placement group?

D. A placement group can span peered VPCs
A placement group is a logical grouping of instances within a single Availability Zone. Using placement groups enables applications to participate in a low-latency, 10 Gbps network. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking.
Placement groups have the following limitations:
The name you specify for a placement group must be unique within your AWS account.
A placement group can't span multiple Availability Zones.
Although launching multiple instance types into a placement group is possible, this reduces the likelihood that the required capacity will be available for your launch to succeed. We recommend using the same instance type for all instances in a placement group.
You can't merge placement groups. Instead, you must terminate the instances in one placement group, and then relaunch those instances into the other placement group.
A placement group can span peered VPCs; however, you will not get full-bisection bandwidth between instances in peered VPCs. For more information about VPC peering connections, see VPC Peering in the Amazon VPC User Guide.
You can't move an existing instance into a placement group. You can create an AMI from your existing instance, and then launch a new instance from the AMI into a placement group.
References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Placement groups

All Question 207/790


A company wants to migrate its accounting system from an on-premises data center to the AWS Cloud in a single AWS Region. Data security and an immutable audit log are the top priorities.

The company must monitor all AWS activities for compliance auditing. The company has enabled AWS CloudTrail but wants to make sure it meets these requirements.

Which actions should a solutions architect take to protect and secure CloudTrail? (Select TWO.)

C. Enable logging of insights events in CloudTrail
E. Create an AWS Config rule to monitor whether CloudTrail is configured to use server-side encryption with AWS KMS managed encryption keys (SSE-KMS)

All Question 208/790


A company is using various types of Amazon EC2 On-Demand instances.

The company suspects that these instances have greater CPU and memory capacity than its workloads require.

Which actions should the company take to obtain recommendations to optimize cost?

A. Use AWS Trusted Advisor for instance type recommendations.
D. Use Cost Explorer rightsizing recommendations.

All Question 209/790


A company has a service that produces event data. The company wants to use AWS to process the event data as it is received. The data is written in a specific order that must be maintained throughout processing. The company wants to implement a solution that minimizes operational overhead.

How should a solutions architect accomplish this?

A. Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue to hold messages. Set up an AWS Lambda function to process messages from the queue.

All Question 210/790


A solutions architect is designing a high performance computing (HPC) workload on Amazon EC2. The EC2 instances need to communicate to each other frequently and require network performance with low latency and high throughput.

Which EC2 configuration meets these requirements?

A. Launch the EC2 instances in a cluster placement group in one Availability Zone.
When you launch a new EC2 instance, the EC2 service attempts to place the instance in such a way that all of your instances are spread out across underlying hardware to minimize correlated failures. You can use placement groups to influence the placement of a group of interdependent instances to meet the needs of your workload. Depending on the type of workload, you can create a placement group using one of the following placement strategies:

Cluster: packs instances close together inside an Availability Zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly-coupled node-to-node communication that is typical of HPC applications.
Partition: spreads your instances across logical partitions such that groups of instances in one partition do not share the underlying hardware with groups of instances in different partitions. This strategy is typically used by large distributed and replicated workloads, such as Hadoop, Cassandra, and Kafka.
Spread: strictly places a small group of instances across distinct underlying hardware to reduce correlated failures.

For this scenario, a cluster placement group should be used as this is the best option for providing low-latency network performance for an HPC application.

CORRECT: "Launch the EC2 instances in a cluster placement group in one Availability Zone" is the correct answer.
INCORRECT: "Launch the EC2 instances in a spread placement group in one Availability Zone" is incorrect as the spread placement group is used to spread instances across distinct underlying hardware.
INCORRECT: "Launch the EC2 instances in an Auto Scaling group in two Regions. Place a Network Load Balancer in front of the instances" is incorrect as this does not achieve the stated requirement to provide low-latency, high throughput network performance between instances. Also, you cannot use an ELB across Regions.
INCORRECT: "Launch the EC2 instances in an Auto Scaling group spanning multiple Availability Zones" is incorrect as this does not reduce network latency or improve performance.
References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Placement groups

All Question 211/790


A company has been storing analytics data in an Amazon RDS instance for the past few years. The company asked a solutions architect to find a solution that allows users to access this data using an API.

The expectation is that the application will experience periods of inactivity but could receive bursts of traffic within seconds.

Which solution should the solution architect suggest?

C. Set up an Amazon API Gateway and use AWS Lambda functions.
AWS Lambda: With Lambda, you can run code for virtually any type of application or backend service – all with zero administration. Just upload your code and Lambda takes care of everything required to run and scale your code with high availability. You can set up your code to automatically trigger from other AWS services or call it directly from any web or mobile app.

Amazon API Gateway: Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. APIs act as the "front door" for applications to access data, business logic, or functionality from your backend services. Using API Gateway, you can create RESTful APIs and WebSocket APIs that enable real-time two-way communication applications. API Gateway supports containerized and serverless workloads, as well as web applications. API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, CORS support, authorization and access control, throttling, monitoring, and API version management. API Gateway has no minimum fees or startup costs. You pay for the API calls you receive and the amount of data transferred out and, with the API Gateway tiered pricing model, you can reduce your cost as your API usage scales.

This question is simply asking you to work out the best compute service for the stated requirements. The key requirements are that the compute service should be suitable for a workload that can range quite broadly in demand from no requests to large bursts of traffic. AWS Lambda is an ideal solution as you pay only when requests are made and it can easily scale to accommodate the large bursts in traffic. Lambda works well with both API Gateway and Amazon RDS.

CORRECT: "Set up an Amazon API Gateway and use AWS Lambda functions" is the correct answer.
INCORRECT: "Set up an Amazon API Gateway and use Amazon ECS" is incorrect as Lambda is a better fit for this use case as the traffic patterns are highly dynamic.
INCORRECT: "Set up an Amazon API Gateway and use AWS Elastic Beanstalk" is incorrect as Lambda is a better fit for this use case as the traffic patterns are highly dynamic.
INCORRECT: "Set up an Amazon API Gateway and use Amazon EC2 with Auto Scaling" is incorrect as Lambda is a better fit for this use case as the traffic patterns are highly dynamic.
References: AWS Lambda > Developer Guide > Lambda function scaling

All Question 212/790


A company has several web servers that need to frequently access a common Amazon RDS MySQL Multi–AZ instance.

The company wants a secure method for the web servers to connect to the database while meeting a security requirement to rotate user credentials frequently.

Which solution meets these requirements?

A. Store the database user credentials in AWS Secrets Manager. Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager

All Question 213/790


A company wants to reduce its Amazon S3 storage costs in its production environment without impacting durability or performance of the stored objects.

What is the FIRST step the company should take to meet these objectives?

D. Migrate the objects in all S3 buckets to S3 Intelligent-Tiering.

All Question 214/790


A company has data stored in an on–premises data center that is used by several on–premises applications.

The company wants to maintain its existing application environment and be able to use AWS services for data analytics and future visualizations.

Which storage service should a solutions architect recommend?

B. AWS Storage Gateway for files

All Question 215/790


A company has developed a microservices application. It uses a client–facing API with Amazon API Gateway and multiple internal services hosted on Amazon EC2 instances to process user requests. The API is designed to support unpredictable surges in traffic, but internal services may become overwhelmed and unresponsive for a period of time during surges. A solutions architect needs to design a more reliable solution that reduces errors when internal services become unresponsive or unavailable.

Which solution meets these requirements?

D. Use Amazon Simple Queue Service (Amazon SQS) to store user requests as they arrive. Change the internal services to retrieve the requests from the queue for processing.

All Question 216/790


A user is launching an EC2 instance in the US East region. Which of the below mentioned options is recommended by AWS with respect to the selection of the availability zone?

C. Do not select the AZ; instead let AWS select the AZ
When launching an instance with EC2, AWS recommends not to select the availability zone (AZ). AWS specifies that the default Availability Zone should be accepted. This is because it enables AWS to select the best Availability Zone based on the system health and available capacity. If the user launches additional instances, only then an Availability Zone should be specified. This is to specify the same or different AZ from the running instances. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > What is Amazon EC2?

All Question 217/790


A company is hosting a website behind multiple Application Load Balancers. The company has different distribution rights for its content around the world. A solutions architect needs to ensure that users are served the correct content without violating distribution rights.

Which configuration should the solutions architect choose to meet these requirements?

C. Configure Amazon Route 53 with a geolocation policy.
Geolocation routing policy: Use when you want to route traffic based on the location of your users. References: Amazon Route 53 > Developer Guide > Choosing a routing policy

All Question 218/790


An Elastic IP address (EIP) is a static IP address designed for dynamic cloud computing. With an EIP, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. Your EIP is associated with your AWS account, not a particular EC2 instance, and it remains associated with your account until you choose to explicitly release it. By default how many EIPs is each AWS account limited to on a per region basis?

B. 5
By default, each AWS account is limited to 5 Elastic IP addresses per region, because public (IPv4) Internet addresses are a scarce public resource. AWS strongly encourages you to use an EIP primarily for load balancing use cases, and use DNS hostnames for all other inter-node communication. If you feel your architecture warrants additional EIPs, you would need to complete the Amazon EC2 Elastic IP Address Request Form and give reasons as to your need for additional addresses. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Elastic IP address limit

All Question 219/790


A company has an application that serves clients that are deployed in more than 20,000 retail storefront locations around the world.

The application consists of backend web services that are exposed over HTTPS on port 443. The application is hosted on Amazon EC2 instances behind an Application Load Balancer (ALB). The retail locations communicate with the web applications over the public internet.

The company allows each retail location to register the IP address that the retail location has been allocated by its local ISP.

The company's security team recommends increasing the security of the application endpoint by restricting access to only the IP addresses registered by the retail locations.

What should a solutions architect do to meet these requirements?

C. Store the IP addresses in an Amazon DynamoDB table. Configure an AWS Lambda authorization function on the ALB to validate that incoming requests are from the registered IP addresses.

All Question 220/790


A company has recently updated its internal security standards.

The company must now ensure all Amazon S3 buckets and Amazon Elastic Block Store (Amazon EBS) volumes are encrypted with keys created and periodically rotated by internal security specialists.

The company is looking for a native, software–based AWS service to accomplish this goal.

What should a solutions architect recommend as a solution?

A. Use AWS Secrets Manager with customer master keys (CMKs) to store master key material and apply a routine to create a new CMK periodically and replace it in AWS Secrets Manager.
AWS Secrets Manager provides full lifecycle management for secrets within your environment. In this post, Maitreya and I will show you how to use Secrets Manager to store, deliver, and rotate SSH keypairs used for communication within compute clusters. Rotation of these keypairs is a security best practice, and sometimes a regulatory requirement. Traditionally, these keypairs have been associated with a number of tough challenges. For example, synchronizing key rotation across all compute nodes, enable detailed logging and auditing, and manage access to users in order to modify secrets.

All Question 221/790


A company is hosting multiple websites for several lines of business under its registered parent domain.

Users accessing these websites will be routed to appropriate backend Amazon EC2 instances based on the subdomain. The websites host static webpages, images, and server–side scripts like PHP and JavaScript. Some of the websites experience peak access during the first two hours of business with constant usage throughout the rest of the day. A solutions architect needs to design a solution that will automatically adjust capacity to these traffic patterns while keeping costs low.

Which combination of AWS services or features will meet these requirements? (Choose two.)

C. Application Load Balancer
D. Amazon EC2 Auto Scaling
References: Amazon Simple Storage Service > User Guide > Hosting a static website using Amazon S3

All Question 222/790


A company wants to run a static website served through Amazon CloudFront.

What is an advantage of storing the website content in an Amazon S3 bucket instead of an Amazon Elastic Block Store (Amazon EBS) volume?

B. S3 is an origin for CloudFront. EBS volumes would need EC2 instances behind an Elastic Load Balancing load balancer to be an origin

All Question 223/790


A solutions architect has created a new AWS account and must secure AWS account root user access.

Which combination of actions will accomplish this? (Choose two.)

A. Ensure the root user uses a strong password.
B. Enable multi-factor authentication to the root user.
"Enable MFA": The AWS Account Root User (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html)
"Choose a strong password": Changing the AWS Account Root User Password
References: AWS Identity and Access Management > User Guide > Changing the AWS account root user password

All Question 224/790


A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.

What should a solutions architect do to secure the audit documents?

A. Enable the versioning and MFA Delete features on the S3 bucket

All Question 225/790


A company has deployed an API in a VPC behind an internet–facing Application Load Balancer (ALB). An application that consumes the API as a client is deployed in a second account in private subnets behind a NAT gateway. When requests to the client application increase, the NAT gateway costs are higher than expected. A solutions architect has configured the ALB to be internal.

Which combination of architectural changes will reduce the NAT gateway costs? (Choose two.)

A. Configure a VPC peering connection between the two VPCs. Access the API using the private address.
D. Configure a PrivateLink connection for the API into the client VPC. Access the API using the PrivateLink address.
PrivateLink makes it easy to connect services across different accounts and VPCs to significantly simplify the network architecture. There is no API listed in shareable resources for RAM. References: AWS Resource Access Manager > User Guide > Shareable AWS resources

All Question 226/790


A company has hired a solutions architect to design a reliable architecture for its application.

The application consists of one Amazon RDS DB instance and two manually provisioned Amazon EC2 instances that run web servers.

The EC2 instances are located in a single Availability Zone.

An employee recently deleted the DB instance and the application was unavailable for 24 hours as a result.

The company is concerned with the overall reliability of its environment.

What should the solutions architect do to maximize reliability of the application's infrastructure?

B. Update the DB instance to be Multi-AZ and enable deletion protection. Place the EC2 instances behind an Application Load Balancer and run them in an EC2 Auto Scaling group across multiple Availability Zones.

All Question 227/790


A solutions architect is creating a new Amazon CloudFront distribution for an application. Some of the information submitted by users is sensitive. The application uses HTTPS but needs another layer of security. The sensitive information should be protected throughout the entire application stack, and access to the information should be restricted to certain applications.

Which action should the solutions architect take?

A. Configure a CloudFront signed URL

All Question 228/790


A company is building a website that relies on reading and writing to an Amazon DynamoDB database. The traffic associated with the website predictably peaks during business hours on weekdays and declines overnight and during weekends. A solutions architect needs to design a cost–effective solution that can handle the load.

What should the solutions architect do to meet these requirements?

C. Enable DynamoDB auto scaling when creating the tables.

All Question 229/790


Which of the following is true of Amazon EC2 security group?

D. You can modify the rules for a security group at any time.
A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Amazon EC2 security groups for Linux instances

All Question 230/790


A company fails an AWS security review conducted by a third party.

The review finds that some of the company's methods to access the Amazon EMR API are not secure.

Developers are using AWS Cloud9, and access keys are connecting to the Amazon EMR API through the public internet.

Which combination of steps should the company take to MOST improve its security? (Select TWO)

B. Set up VPC endpoints to connect to the Amazon EMR API
D. Set up IAM roles to be used to connect to the Amazon EMR API

All Question 231/790


A solutions architect is designing a shared storage solution for a web application that is deployed across multiple Availability Zones.

The web application runs on Amazon EC2 instances in an Auto Scaling group.

The company anticipates making frequent changes to the content, so the solution must have strong consistency.

Which solution meets these requirements?

B. Create an Amazon Elastic File System (Amazon EFS) file system and mount it on the individual EC2 instances.

All Question 232/790


A company has two VPCs named Management and Production. The Management VPC uses VPNs through a customer gateway to connect to a single device in the data center. The Production VPC uses a virtual private gateway with two attached AWS Direct Connect connections. The Management and Production VPCs both use a single VPC peering connection to allow communication between the applications.

What should a solutions architect do to mitigate any single point of failure in this architecture?

A. Add a second virtual private gateway and attach it to the Management VPC.

All Question 233/790


A company has an on–premises application that generates a large amount of time–sensitive data that is backed up to Amazon S3.

The application has grown and there are user complaints about internet bandwidth limitations. A solutions architect needs to design a long-term solution that allows for both timely backups to Amazon S3 and minimal impact on internet connectivity for internal users.

Which solution meets these requirements?

B. Establish a new AWS Direct Connect connection and direct backup traffic through this new connection.

All Question 234/790


A solutions architect needs to design a low–latency solution for a static single–page application accessed by users utilizing a custom domain name. The solution must be serverless, encrypted in transit, and cost–effective.

Which combination of AWS services and features should the solutions architect use? (Choose two.)

A. Amazon S3
D. Amazon CloudFront

All Question 235/790


A company is processing data on a daily basis. The results of the operations are stored in an Amazon S3 bucket, analyzed daily for one week, and then must remain immediately accessible for occasional analysis.

What is the MOST cost–effective storage solution alternative to the current configuration?

D. Configure a lifecycle policy to transition the objects to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.

All Question 236/790


A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees' devices.

The files are stored in an on–premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.

Which solution will meet these requirements?

C. Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download.

All Question 237/790


A social media company is building a feature for its website. The feature will give users the ability to upload photos. The company expects significant increases in demand during large events and must ensure that the website can handle the upload traffic from users.

Which solution meets these requirements with the MOST scalability?

C. Generate Amazon S3 presigned URLs in the application. Upload files directly from the user's browser into an S3 bucket

All Question 238/790


A company is running an application on AWS to process weather sensor data that is stored in an Amazon S3 bucket.

Three batch jobs run hourly to process the data in the S3 bucket for different purposes.

The company wants to reduce the overall processing time by running the three applications in parallel using an event–based approach.

What should a solutions architect do to meet these requirements?

C. Enable S3 Event Notifications for new objects to separate Amazon Simple Queue Service (Amazon SQS) FIFO queues. Create an additional SQS queue for each application and subscribe each queue to the initial topic for processing

All Question 239/790


A company provides a three–tier web application to its customers.

Each customer has an AWS account in which the application is deployed, and these accounts are members of the company's organization in AWS Organizations.

To protect its customers' AWS accounts and applications the company wants to monitor them for unusual and unexpected behavior.

The company needs to analyze and monitor customer VPC Flow Logs, AWS CloudTrail logs, and DNS logs.

What should a solutions architect do to meet these requirements?

B. Designate an account in the organization as the Amazon GuardDuty master account. Enable GuardDuty in every account and invite the accounts to join the GuardDuty master account. Analyze GuardDuty findings in the GuardDuty master account.

All Question 240/790


A company wants to migrate its web application to AWS. The legacy web application consists of a web tier, an application tier, and a MySQL database. The re–architected application must consist of technologies that do not require the administration team to manage instances or clusters.

Which combination of services should a solutions architect include in the overall architecture? (Choose two.)

D. Amazon RDS for MySQL
E. AWS Fargate

All Question 241/790


A development team is creating an event–based application that uses AWS Lambda functions. Events will be generated when files are added to an Amazon S3 bucket.

The development team currently has Amazon Simple Notification Service (Amazon SNS) configured as the event target from Amazon S3.

What should a solutions architect do to process the events from Amazon S3 in a scalable way?

D. Create an SNS subscription that sends the event to AWS Server Migration Service (AWS SMS). Configure the Lambda function to poll from the SMS event

All Question 242/790


A company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. On the first day of every month at midnight, the application becomes much slower when the month–end financial calculation batch executes. This causes the CPU utilization of the EC2 instances to immediately peak to 100%, which disrupts the application.

What should a solutions architect recommend to ensure the application is able to handle the workload and avoid downtime?

C. Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule.

All Question 243/790


A company recently launched its website to serve content to its global user base. The company wants to store and accelerate the delivery of static content to its users by leveraging Amazon CloudFront with an Amazon EC2 instance attached as its origin.

How should a solutions architect optimize high availability for the application?

A. Use Lambda@Edge for CloudFront.

All Question 244/790


A company is running a publicly accessible serverless application that uses Amazon API Gateway and AWS Lambda.

The application's traffic recently spiked due to fraudulent requests from botnets.

Which steps should a solutions architect take to block requests from unauthorized users? (Select TWO.)

B. Integrate logic within the Lambda function to ignore the requests from fraudulent addresses.
E. Create an IAM role for each user attempting to access the API. A user will assume the role when making the API call.

All Question 245/790



The company is now considering a cloud–based option to reduce the storage costs and operational burden of managing tapes. The company also wants to make sure that the transition from tape backups to the cloud minimizes disruptions.

Which storage solution is MOST cost–effective?

A. Use Amazon Storage Gateway to back up to Amazon Glacier Deep Archive.

All Question 246/790


A solutions architect needs to deploy a Node.js-based web application that is highly available and scales automatically.

The marketing team needs to roll back on application releases quickly and they need to have an operational dashboard.

The marketing team does not want to manage deployment of operating system patches to the Linux servers.

Which AWS service satisfies these requirements?

C. AWS Elastic Beanstalk

All Question 247/790


A company operates a two–tier application for image processing. The application uses two Availability Zones, each with one public subnet and one private subnet. An Application Load Balancer (ALB) for the web tier uses the public subnets.

Amazon EC2 instances for the application tier use the private subnets.

Users report that the application is running more slowly than expected. A security audit of the web server log files shows that the application is receiving millions of illegitimate requests from a small number of IP addresses. A solutions architect needs to resolve the immediate performance problem while the company investigates a more permanent solution.

What should the solutions architect recommend to meet this requirement?

A. Modify the inbound security group for the web tier. Add a deny rule for the IP addresses that are consuming resources.

All Question 248/790


A company delivers files in Amazon S3 to certain users who do not have AWS credentials. These users must be given access for a limited time.

What should a solutions architect do to securely meet these requirements?

B. Generate a presigned URL to share with the users.

All Question 249/790



Which solution meets these requirements?

A. Deploy a NAT gateway inside the public subnet for each Availability Zone and associate it with an Elastic IP address. Update the routing table of the private subnet to use it as the default route.
VPC with public and private subnets (NAT)
The configuration for this scenario includes a virtual private cloud (VPC) with a public subnet and a private subnet. We recommend this scenario if you want to run a public-facing web application, while maintaining back-end servers that aren't publicly accessible. A common example is a multi-tier website, with the web servers in a public subnet and the database servers in a private subnet. You can set up security and routing so that the web servers can communicate with the database servers. The instances in the public subnet can send outbound traffic directly to the Internet, whereas the instances in the private subnet can't. Instead, the instances in the private subnet can access the Internet by using a network address translation (NAT) gateway that resides in the public subnet. The database servers can connect to the Internet for software updates using the NAT gateway, but the Internet cannot establish connections to the database servers.
References: Amazon Virtual Private Cloud > User Guide > VPC with public and private subnets (NAT)

All Question 250/790


A company plans to deploy a new application in AWS that reads and writes information to a database.

The company wants to deploy the application in two different AWS Regions with each application writing to a database in their Region.

The databases in the two Regions need to keep the data synchronized.

What should be used to meet these requirements?

A. Use Amazon Athena with Amazon S3 Cross-Region Replication

All Question 251/790


A company is building applications in containers. The company wants to migrate its development and operations services from its on-premises data center to AWS. Management states that production systems must be cloud agnostic and use the same configuration and administrator tools across production systems. A solutions architect needs to design a managed solution that will align with open-source software.

Which solution meets these requirements?

B. Launch the containers on Amazon Elastic Kubernetes Service (Amazon EKS) and EKS worker nodes.
When talking about containerized applications, the leading technologies which will always come up during the conversation are Kubernetes and Amazon ECS (Elastic Container Service). While Kubernetes is an open-sourced container orchestration platform that was originally developed by Google, Amazon ECS is AWS' proprietary, managed container orchestration service.

All Question 252/790


A company is preparing to store confidential data in Amazon S3. For compliance reasons, the data must be encrypted at rest. Encryption key usage must be logged for auditing purposes. Keys must be rotated every year.

Which solution meets these requirements and is the MOST operationally efficient?

D. Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with automatic rotation

All Question 253/790


A company wants to build a scalable key management infrastructure to support developers who need to encrypt data in their applications.

What should a solutions architect do to reduce the operational burden?

B. Use AWS Key Management Service (AWS KMS) to protect the encryption keys

All Question 254/790


A company has a web application with sporadic usage patterns. There is heavy usage at the beginning of each month, moderate usage at the start of each week, and unpredictable usage during the week. The application consists of a web server and a MySQL database server running inside the data center. The company would like to move the application to the AWS Cloud, and needs to select a cost–effective database platform that will not require database modifications.

Which solution will meet these requirements?

B. Amazon RDS for MySQL

All Question 255/790


A user wants to list the IAM role that is attached to their Amazon EC2 instance. The user has login access to the EC2 instance but does not have IAM permissions.

What should a solutions architect do to retrieve this information?

A. Run the following EC2 command: curl http://169.254.169.254/latest/meta-data/iam/info
References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > IAM roles for Amazon EC2

All Question 256/790


A company has a customer relationship management (CRM) application that stores data in an Amazon RDS DB instance that runs Microsoft SQL Server. The company's IT staff has administrative access to the database. The database contains sensitive data. The company wants to ensure that the data is not accessible to the IT staff and that only authorized personnel can view the data.

What should a solutions architect do to secure the data?

D. Use Amazon RDS encryption with an AWS Key Management Service (AWS KMS) customer managed key.

All Question 257/790


A recently created startup built a three–tier web application. The front end has static content. The application layer is based on microservices. User data is stored as JSON documents that need to be accessed with low latency. The company expects regular traffic to be low during the first year, with peaks in traffic when it publicizes new features every month. The startup team needs to minimize operational overhead costs.

What should a solutions architect recommend to accomplish this?

C. Use Amazon S3 static website hosting to store and serve the front end. Use Amazon API Gateway and AWS Lambda functions for the application layer. Use Amazon DynamoDB to store user data.

All Question 258/790


A company wants to automate the security assessment of its Amazon EC2 instances. The company needs to validate and demonstrate that security and compliance standards are being followed throughout the development process.

What should a solutions architect do to meet these requirements?

C. Use Amazon Inspector with Amazon CloudWatch to publish Amazon Simple Notification Service (Amazon SNS) notifications

All Question 259/790


A restaurant reservation application needs to access a waiting list.

When a customer tries to reserve a table, and none are available, the customer application will put the user on the waiting list, and the application will notify the customer when a table becomes free.

The waiting list must preserve the order in which customers were added to the waiting list. Which service should the solutions architect recommend to store this waiting list?

C. A FIFO queue in Amazon Simple Queue Service (Amazon SQS)

All Question 260/790


A company is developing a mobile game that streams score updates to a backend processor and then posts results on a leaderboard. A solutions architect needs to design a solution that can handle large traffic spikes, process the mobile game updates in order of receipt, and store the processed updates in a highly available database. The company also wants to minimize the management overhead required to maintain the solution.

What should the solutions architect do to meet these requirements?

A. Push score updates to Amazon Kinesis Data Streams. Process the updates in Kinesis Data Streams with AWS Lambda. Store the processed updates in Amazon DynamoDB.
You can use Amazon Kinesis Data Streams to collect and process large streams of data records in real-time. You can use Kinesis Data Streams for rapid and continuous data intake and aggregation. The type of data used can include IT infrastructure log data, application logs, social media, market data feeds, and web clickstream data. Because the response time for the data intake and processing is in real-time, the processing is typically lightweight.

All Question 261/790


A company is planning to use an Amazon DynamoDB table for data storage. The company is concerned about cost optimization. The table will not be used on most mornings. In the evenings, the read and write traffic will often be unpredictable. When traffic spikes occur, they will happen very quickly.

What should a solutions architect recommend?

A. Create a DynamoDB table in on-demand capacity mode.

All Question 262/790


Cost Explorer is showing charges higher than expected for Amazon Elastic Block Store (Amazon EBS) volumes connected to application servers in a production account.

A significant portion of the charges from Amazon EBS are from volumes that were created as Provisioned IOPS SSD (io1) volume types. Controlling costs is the highest priority for this application.

Which steps should the user take to analyze and reduce the EBS costs without incurring any application downtime? (Select TWO.)

A. Use the Amazon EC2 ModifyInstanceAttribute action to enable EBS optimization on the application server instances
D. Use the Amazon EC2 ModifyVolume action to change the volume type of the underutilized io1 volumes to General Purpose SSD (gp2)

All Question 263/790


A database is on an Amazon RDS MySQL 5.6 Multi–AZ DB instance that experiences highly dynamic reads.

Application developers notice a significant slowdown when testing read performance from a secondary AWS Region. The developers want a solution that provides less than 1 second of read replication latency.

What should the solutions architect recommend?

B. Migrate the database to Amazon Aurora with cross-Region replicas.

All Question 264/790


An ecommerce company is running a multi–tier application on AWS. The front–end and backend tiers both run on Amazon EC2, and the database runs on Amazon RDS for MySQL. The backend tier communicates with the RDS instance. There are frequent calls to return identical datasets from the database that are causing performance slowdowns.

Which action should be taken to improve the performance of the backend?

B. Implement Amazon ElastiCache to cache the large datasets.

All Question 265/790


A medical records company is hosting an application on Amazon EC2 instances. The application processes customer data files that are stored on Amazon S3. The EC2 instances are hosted in public subnets. The EC2 instances access Amazon S3 over the internet, but they do not require any other network access.

A new requirement mandates that the network traffic for file transfers take a private route and not be sent over the internet.

Which change to the network architecture should a solutions architect recommend to meet this requirement?

C. Move the EC2 instances to private subnets. Create a VPC endpoint for Amazon S3, and link the endpoint to the route table for the private subnets

All Question 266/790


A company wants to host a scalable web application on AWS. The application will be accessed by users from different geographic regions of the world. Application users will be able to download and upload unique data up to gigabytes in size. The development team wants a cost–effective solution to minimize upload and download latency and maximize performance.

What should a solutions architect do to accomplish this?

A. Use Amazon S3 with Transfer Acceleration to host the application.
The maximum size of a single file that can be delivered through Amazon CloudFront is 20 GB. This limit applies to all Amazon CloudFront distributions.

All Question 267/790


A company uses a payment processing system that requires messages for a particular payment ID to be received in the same order that they were sent. Otherwise, the payments might be processed incorrectly.

Which actions should a solutions architect take to meet this requirement? (Select TWO.)

A. Write the messages to an Amazon DynamoDB table with the payment ID as the partition key
E. Write the messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the message group to use the payment ID

All Question 268/790


A solutions architect is designing a security solution for a company that wants to provide developers with individual AWS accounts through AWS Organizations, while also maintaining standard security controls.

Because the individual developers will have AWS account root user–level access to their own accounts, the solutions architect wants to ensure that the mandatory AWS CloudTrail configuration that is applied to new developer accounts is not modified.

Which action meets these requirements?

C. Create a service control policy (SCP) that prohibits changes to CloudTrail, and attach it to the developer accounts.

All Question 269/790


A company operates an eCommerce website on Amazon EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. The site is experiencing performance issues related to a high request rate from illegitimate external systems with changing IP addresses. The security team is worried about potential DDoS attacks against the website. The company must block the illegitimate incoming requests in a way that has a minimal impact on legitimate users.

What should a solutions architect recommend?

B. Deploy AWS WAF, associate it with the ALB, and configure a rate-limiting rule.
Rate limit: For a rate-based rule, enter the maximum number of requests to allow in any five-minute period from an IP address that matches the rule's conditions. The rate limit must be at least 100. You can specify a rate limit alone, or a rate limit and conditions. If you specify only a rate limit, AWS WAF places the limit on all IP addresses. If you specify a rate limit and conditions, AWS WAF places the limit on IP addresses that match the conditions. When an IP address reaches the rate limit threshold, AWS WAF applies the assigned action (block or count) as quickly as possible, usually within 30 seconds. Once the action is in place, if five minutes pass with no requests from the IP address, AWS WAF resets the counter to zero.

All Question 270/790


A company's website is used to sell products to the public. The site runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). There is also an Amazon CloudFront distribution, and AWS WAF is being used to protect against SQL injection attacks. The ALB is the origin for the CloudFront distribution. A recent review of security logs revealed an external malicious IP that needs to be blocked from accessing the website.

What should a solutions architect do to protect the application?

B. Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address.
If you want to allow or block web requests based on the IP addresses that the requests originate from, create one or more IP match conditions. An IP match condition lists up to 10,000 IP addresses or IP address ranges that your requests originate from. Later in the process, when you create a web ACL, you specify whether to allow or block requests from those IP addresses.
AWS Web Application Firewall (WAF) – Helps to protect your web applications from common application layer exploits that can affect availability or consume excessive resources. As you can see in my post (New – AWS WAF), WAF allows you to use access control lists (ACLs), rules, and conditions that define acceptable or unacceptable requests or IP addresses. You can selectively allow or deny access to specific parts of your web application and you can also guard against various SQL injection attacks. We launched WAF with support for Amazon CloudFront.
A new version of the AWS Web Application Firewall was released in November 2019. With AWS WAF classic you create "IP match conditions", whereas with AWS WAF (new version) you create "IP set match statements". Look out for wording on the exam.
The IP match condition / IP set match statement inspects the IP address of a web request's origin against a set of IP addresses and address ranges. Use this to allow or block web requests based on the IP addresses that the requests originate from. AWS WAF supports all IPv4 and IPv6 address ranges. An IP set can hold up to 10,000 IP addresses or IP address ranges to check.
CORRECT: "Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address" is the correct answer.
INCORRECT: "Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address" is incorrect as CloudFront does not sit within a subnet so network ACLs do not apply to it.
INCORRECT: "Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the malicious IP address" is incorrect as the source IP addresses of the data in the EC2 instances' subnets will be the ELB IP addresses.
INCORRECT: "Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the malicious IP address." is incorrect as you cannot create deny rules with security groups.
References: AWS WAF, AWS Firewall Manager, and AWS Shield Advanced > Developer Guide > What are AWS WAF, AWS Shield, and AWS Firewall Manager?

All Question 271/790


A developer has a script to generate daily reports that users previous. The script consistently completes in under 10 minutes. The developer needs to automate the process in a cost-effective manner.

Which combination of services should the developer use? (Select two)

A. AWS Lambda
B. AWS CloudTrail

All Question 272/790


A solutions architect is creating a new VPC design. There are two public subnets for the load balancer, two private subnets for web servers, and two private subnets for MySQL. The web servers use only HTTPS.

The solutions architect has already created a security group for the load balancer allowing port 443 from 0.0.0.0/0. Company policy requires that each resource has the least access required to still be able to perform its tasks.

Which additional configuration strategy should the solutions architect use to meet these requirements?

B. Create a network ACL for the web servers and allow port 443 from 0.0.0.0/0. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.

All Question 273/790


A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods for IAM user passwords.

What should the solutions architect do to accomplish this?

A. Set an overall password policy for the entire AWS account

All Question 274/790


A company built a food ordering application that captures user data and stores it for future analysis. The application's static front end is deployed on an Amazon EC2 instance. The front-end application sends the requests to the backend application running on a separate EC2 instance. The backend application then stores the data in Amazon RDS.

What should a solutions architect do to decouple the architecture and make it scalable?

D. Use Amazon S3 to serve the static front-end application and send requests to Amazon API Gateway, which writes the requests to an Amazon SQS queue. Place the backend instances in an Auto Scaling group, and scale based on the queue depth to process and store the data in Amazon RDS.
Keyword: Static + Decouple + Scalable
Static = S3; Decouple = SQS queue; Scalable = ASG.
Option B is out of the race because it lacks Auto Scaling. Option A is out of the race because it lacks decoupling. Options C and D remain in the race, and Option D is the correct answer because it matches all three [Static=S3; Decouple=SQS Queue; Scalable=ASG]. Option C loses because it lacks the static option.

All Question 275/790


A company has a large Microsoft SharePoint deployment running on–premises that requires Microsoft Windows shared file storage. The company wants to migrate this workload to the AWS Cloud and is considering various storage options. The storage solution must be highly available and integrated with Active Directory for access control.

Which solution will satisfy these requirements?

D. Create an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication.
Amazon FSx for Windows File Server provides fully managed, highly reliable, and scalable file storage that is accessible over the industry-standard Server Message Block (SMB) protocol. It is built on Windows Server, delivering a wide range of administrative features such as user quotas, end-user file restore, and Microsoft Active Directory (AD) integration. It offers single-AZ and multi-AZ deployment options, fully managed backups, and encryption of data at rest and in transit. You can optimize cost and performance for your workload needs with SSD and HDD storage options; and you can scale storage and change the throughput performance of your file system at any time. Amazon FSx file storage is accessible from Windows, Linux, and macOS compute instances and devices running on AWS or on premises. Works with Microsoft Active Directory (AD) to easily integrate file systems with Windows environments.
CORRECT: "Amazon FSx" is the correct answer.
INCORRECT: "Amazon EFS" is incorrect as EFS only supports Linux systems.
INCORRECT: "Amazon S3" is incorrect as this is not a suitable replacement for a Microsoft filesystem.
INCORRECT: "AWS Storage Gateway" is incorrect as this service is primarily used for connecting on-premises storage to cloud storage. It consists of a software device installed on-premises and can be used with SMB shares but it actually stores the data on S3. It is also used for migration. However, in this case the company needs to replace the file server farm and Amazon FSx is the best choice for this job.
References: Amazon FSx for Windows File Server > Windows User Guide > Availability and durability: Single-AZ and Multi-AZ file systems

All Question 276/790


A company's web site receives 50,000 requests each second.

The company wants to use multiple applications to analyze the navigation patterns of the website users so that the experience can be personalized.

Which AWS service or feature should a solutions architect use to collect page clicks for the website and process them sequentially for each user?

A. Amazon Kinesis Data Streams

All Question 277/790


A company has an application running on Amazon EC2 instances in a private subnet. The application needs to store and retrieve data in Amazon S3. To reduce costs, the company wants to configure its AWS resources in a cost–effective manner.

How should the company accomplish this?

B. Deploy AWS Storage Gateway to access the S3 buckets.

All Question 278/790


A company has a highly dynamic batch processing job that uses many Amazon EC2 instances to complete it. The job is stateless in nature, can be started and stopped at any given time with no negative impact, and typically takes upwards of 60 minutes total to complete. The company has asked a solutions architect to design a scalable and cost–effective solution that meets the requirements of the job.

What should the solutions architect recommend?

A. Implement EC2 Spot Instances.

All Question 279/790


A company is planning to migrate a business-critical dataset to Amazon S3. The current solution design uses a single S3 bucket in the us-east-1 Region with versioning enabled to store the dataset. The company's disaster recovery policy states that all data multiple AWS Regions.

How should a solutions architect design the S3 solution?

C. Create an additional S3 bucket with versioning in another Region and configure cross-Region replication.
Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can copy objects between different AWS Regions or within the same Region. Both source and destination buckets must have versioning enabled.
CORRECT: "Create an additional S3 bucket with versioning in another Region and configure cross-Region replication" is the correct answer.
INCORRECT: "Create an additional S3 bucket in another Region and configure cross-Region replication" is incorrect as the destination bucket must also have versioning enabled.
INCORRECT: "Create an additional S3 bucket in another Region and configure cross-origin resource sharing (CORS)" is incorrect as CORS is not related to replication.
INCORRECT: "Create an additional S3 bucket with versioning in another Region and configure cross-origin resource sharing (CORS)" is incorrect as CORS is not related to replication.
References: Amazon Simple Storage Service > User Guide > Replicating objects

All Question 280/790


A solutions architect is creating a new VPC design. There are two public subnets for the load balancer, two private subnets for web servers, and two private subnets for MySQL. The web servers use only HTTPS. The solutions architect has already created a security group for the load balancer allowing port 443 from 0.0.0.0/0. Company policy requires that each resource has the least access required to still be able to perform its tasks.

Which additional configuration strategy should the solutions architect use to meet these requirements?

C. Create a security group for the web servers and allow port 443 from the load balancer. Create a security group for the MySQL servers and allow port 3306 from the web servers security group.

All Question 281/790


A company is planning to migrate a mission-critical three-tier web application from on-premises to the AWS Cloud.

The backend database is shared with other on–premises systems and will remain in the on–premises data center.

The application tier requires quick and predictable response times between the presentation tier and the database. Encryption is required for data in transit between client web browsers and the VPC, and between the on-premises data center and the VPC.

Which solution meets these requirements?

D. Use SSL/TLS for the web traffic encryption. Use VPN tunnels over an AWS Direct Connect connection for the data transfer between the VPC and the on-premises data center.

All Question 282/790


A solutions architect is designing a highly available website that is served by multiple web servers hosted outside of AWS.
If an instance becomes unresponsive, the architect needs to remove it from the rotation.

What is the MOST efficient way to fulfill this requirement?

C. Use an Amazon Elastic Load Balancer.

All Question 283/790


A company wants to share forensic accounting data that is stored in an Amazon RDS DB instance with an external auditor. The auditor has its own AWS account and requires its own copy of the database.

How should the company securely share the database with the auditor?

A. Create a read replica of the database and configure IAM standard database authentication to grant the auditor access.

All Question 284/790


Do Amazon EBS volumes persist independently from the running life of an Amazon EC2 instance?

D. Yes, they do.
An Amazon EBS volume behaves like a raw, unformatted, external block device that you can attach to a single instance. The volume persists independently from the running life of an Amazon EC2 instance.
References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Storage

All Question 285/790


A company is hosting an election reporting website on AWS for users around the world. The website uses Amazon EC2 instances for the web and application tiers in an Auto Scaling group with Application Load Balancers. The database tier uses an Amazon RDS for MySQL database. The website is updated with election results once an hour and has historically observed hundreds of users accessing the reports.

The company is expecting a significant increase in demand because of upcoming elections in different countries. A solutions architect must improve the website's ability to handle additional demand while minimizing the need for additional EC2 instances.

Which solution will meet these requirements?

B. Launch an Amazon CloudFront web distribution to cache commonly requested website content.

All Question 286/790


A company has a multi–tier application that runs six front–end web servers in an Amazon EC2 Auto Scaling group in a single Availability Zone behind an Application Load Balancer (ALB). A solutions architect needs to modify the infrastructure to be highly available without modifying the application.

Which architecture should the solutions architect choose that provides high availability?

B. Modify the Auto Scaling group to use three instances across each of two Availability Zones.
Expanding Your Scaled and Load-Balanced Application to an Additional Availability Zone.
When one Availability Zone becomes unhealthy or unavailable, Amazon EC2 Auto Scaling launches new instances in an unaffected zone. When the unhealthy Availability Zone returns to a healthy state, Amazon EC2 Auto Scaling automatically redistributes the application instances evenly across all of the zones for your Auto Scaling group. Amazon EC2 Auto Scaling does this by attempting to launch new instances in the Availability Zone with the fewest instances. If the attempt fails, however, Amazon EC2 Auto Scaling attempts to launch in other Availability Zones until it succeeds.
You can expand the availability of your scaled and load-balanced application by adding an Availability Zone to your Auto Scaling group and then enabling that zone for your load balancer. After you've enabled the new Availability Zone, the load balancer begins to route traffic equally among all the enabled zones.
High availability can be enabled for this architecture quite simply by modifying the existing Auto Scaling group to use multiple availability zones. The ASG will automatically balance the load so you don't actually need to specify the instances per AZ. The architecture for the web tier will look like the one below:
CORRECT: "Modify the Auto Scaling group to use four instances across each of two Availability Zones" is the correct answer.
INCORRECT: "Create an Auto Scaling group that uses four instances across each of two Regions" is incorrect as EC2 Auto Scaling does not support multiple regions.
INCORRECT: "Create an Auto Scaling template that can be used to quickly create more instances in another Region" is incorrect as EC2 Auto Scaling does not support multiple regions.
INCORRECT: "Create an Auto Scaling group that uses four instances across each of two subnets" is incorrect as the subnets could be in the same AZ.
References: Amazon EC2 Auto Scaling

All Question 287/790


A company is migrating a NoSQL database cluster to Amazon EC2. The database automatically replicates data to maintain at least three copies of the data. I/O throughput of the servers is the highest priority. Which instance type should a solutions architect recommend for the migration?

A. Storage optimized instances with instance store

All Question 288/790


A company hosts its core network services, including directory services and DNS, in its on-premises data center. The data center is connected to the AWS Cloud using AWS Direct Connect (DX). Additional AWS accounts are planned that will require quick, cost-effective, and consistent access to these network services.

What should a solutions architect implement to meet these requirements with the LEAST amount of operational overhead?

D. Configure AWS Transit Gateway between the accounts. Assign DX to the transit gateway and route network traffic to the on-premises servers.

All Question 289/790


A company's website hosted on Amazon EC2 instances processes classified data stored in Amazon S3. Due to security concerns, the company requires a private and secure connection between its EC2 resources and Amazon S3.

Which solution meets these requirements?

A. Set up S3 bucket policies to allow access from a VPC endpoint.
References: Amazon Simple Storage Service > User Guide > Controlling access from VPC endpoints with bucket policies

All Question 290/790


A company has several business systems that require access to data stored in a file share. The business systems will access the file share using the Server Message Block (SMB) protocol. The file share solution should be accessible from both the company's legacy on-premises environment and AWS.

Which services meet the business requirements? (Select TWO.)

C. Amazon FSx for Windows
E. AWS Storage Gateway file gateway
Keyword: SMB + On-premises
Condition: File accessible from both on-premises and AWS
Amazon FSx for Windows File Server
Amazon FSx for Windows File Server provides fully managed, highly reliable, and scalable file storage that is accessible over the industry-standard Server Message Block (SMB) protocol. It is built on Windows Server, delivering a wide range of administrative features such as user quotas, end-user file restore, and Microsoft Active Directory (AD) integration. It offers single-AZ and multi-AZ deployment options, fully managed backups, and encryption of data at rest and in transit. You can optimize cost and performance for your workload needs with SSD and HDD storage options; and you can scale storage and change the throughput performance of your file system at any time. Amazon FSx file storage is accessible from Windows, Linux, and macOS compute instances and devices running on AWS or on-premises.
How FSx for Windows File Server works
AWS Storage Gateway
AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. Customers use Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. These include moving backups to the cloud, using on-premises file shares backed by cloud storage, and providing low latency access to data in AWS for on-premises applications. To support these use cases, Storage Gateway offers three different types of gateways – File Gateway, Tape Gateway, and Volume Gateway – that seamlessly connect on-premises applications to cloud storage, caching data locally for low-latency access. Your applications connect to the service through a virtual machine or gateway hardware appliance using standard storage protocols, such as NFS, SMB, and iSCSI. The gateway connects to AWS storage services, such as Amazon S3, Amazon S3 Glacier, Amazon S3 Glacier Deep Archive, Amazon EBS, and AWS Backup, providing storage for files, volumes, snapshots, and virtual tapes in AWS. The service includes a highly-optimized and efficient data transfer mechanism, with bandwidth management and automated network resilience.
How Storage Gateway works
The table below shows the different gateways available and the interfaces and use cases:
CORRECT: "Amazon FSx for Windows" is the correct answer.
CORRECT: "Amazon Storage File Gateway" is the correct answer.
INCORRECT: "Amazon EBS" is incorrect as unsupported NFS/SMB.
INCORRECT: "Amazon EFS" is incorrect as unsupported NFS/SMB.
INCORRECT: "Amazon S3" is incorrect as unsupported NFS/SMB.
References: Amazon FSx for Windows File Server; AWS Storage Gateway; AWS News Blog > File Interface to AWS Storage Gateway
All Home

All Question 291/790


A company has a dynamic web application hosted on two Amazon EC2 instances. The company has its own SSL certificate, which is on each instance to perform SSL termination.

There has been an increase in traffic recently, and the operations team determined that SSL encryption and decryption is causing the compute capacity of the web servers to reach their maximum limit.

What should a solutions architect do to increase the application's performance?

D. Import the SSL certificate into AWS Certificate Manager (ACM). Create an Application Load Balancer with an HTTPS listener that uses the SSL certificate from ACM.

All Question 292/790


The DNS provider that hosts a company's domain name records is experiencing outages that cause service disruption for a website running on AWS.

The company needs to migrate to a more resilient managed DNS service and wants the service to run on AWS.

What should a solutions architect do to rapidly migrate the DNS hosting service?

A. Create an Amazon Route 53 public hosted zone for the domain name. Import the zone file containing the domain records hosted by the previous provider.

All Question 293/790


A solutions architect is reviewing the cost of a company's scheduled nightly maintenance. The solutions architect notices that three Amazon EC2 instances are being run to perform nine scripted tasks that take less than 5 minutes each to complete. The scripts are all written in Python.

Which action should the company take to optimize costs of the nightly maintenance?

B. Convert the scripts to AWS Lambda functions and schedule them with Amazon EventBridge (Amazon CloudWatch Events).

All Question 294/790


A solutions architect is designing the architecture for a new web application. The application will run on AWS Fargate containers with an Application Load Balancer (ALB) and an Amazon Aurora PostgreSQL database. The web application will perform primarily read queries against the database.

What should the solutions architect do to ensure that the website can scale with increasing traffic? (Select TWO.)

A. Enable auto scaling on the ALB to scale the load balancer horizontally.
B. Configure Aurora Auto Scaling to adjust the number of Aurora Replicas in the Aurora cluster dynamically.

All Question 295/790


A company runs a multi–tier web application that hosts news content. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones and use an Amazon Aurora database. A solutions architect needs to make the application more resilient to periodic increases in request rates.

Which architecture should the solutions architect implement? (Choose two.)

B. Add Aurora Replica.
E. Add an Amazon CloudFront distribution in front of the Application Load Balancer.
AWS Global Accelerator: Acceleration for latency-sensitive applications. Many applications, especially in areas such as gaming, media, mobile apps, and financials, require very low latency for a great user experience. To improve the user experience, Global Accelerator directs user traffic to the application endpoint that is nearest to the client, which reduces internet latency and jitter. Global Accelerator routes traffic to the closest edge location by using Anycast, and then routes it to the closest regional endpoint over the AWS global network. Global Accelerator quickly reacts to changes in network performance to improve your users' application performance.

Amazon CloudFront: Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.

The architecture is already highly resilient but may be subject to performance degradation if there are sudden increases in request rates. To resolve this situation, Amazon Aurora Read Replicas can be used to serve read traffic, which offloads requests from the main database. On the frontend, an Amazon CloudFront distribution can be placed in front of the ALB; this will cache content for better performance and also offload requests from the backend.

CORRECT: "Add Amazon Aurora Replicas" is the correct answer.
CORRECT: "Add an Amazon CloudFront distribution in front of the ALB" is the correct answer.
INCORRECT: "Add an Amazon WAF in front of the ALB" is incorrect. A web application firewall protects applications from malicious attacks. It does not improve performance.
INCORRECT: "Add an Amazon Transit Gateway to the Availability Zones" is incorrect as this is used to connect on-premises networks to VPCs.
INCORRECT: "Add an Amazon Global Accelerator endpoint" is incorrect as this service is used for directing users to different instances of the application in different regions based on latency.

References: Amazon Aurora > User Guide for Aurora > Replication with Amazon Aurora; Amazon CloudFront > Developer Guide > What is Amazon CloudFront?

All Question 296/790



Which scenario could be causing this issue? (Select TWO)

C. The route to the S3 endpoint is not configured in the route table
E. The S3 bucket has a bucket policy that does not allow access to the CIDR of the VPC

All Question 297/790


A company has an application that uses Amazon Elastic File System (Amazon EFS) to store data. The files are 1 GB in size or larger and are accessed often only for the first few days after creation. The application data is shared across a cluster of Linux servers. The company wants to reduce storage costs for the application.

What should a solutions architect do to meet these requirements?

C. Configure a Lifecycle policy to move the files to the EFS Infrequent Access (IA) storage class after 7 days.

All Question 298/790


A company hosts its multi–tier public web application in the AWS Cloud. The web application runs on Amazon EC2 instances and its database runs on Amazon RDS. The company is anticipating a large increase in sales during an upcoming holiday weekend. A solutions architect needs to build a solution to analyze the performance of the web application with a granularity of no more than 2 minutes.

What should the solutions architect do to meet this requirement?

B. Enable detailed monitoring on all EC2 instances. Use Amazon CloudWatch metrics to perform further analysis.

All Question 299/790



B. Subnet's traffic is routed to an internet gateway.
A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC. You can configure your VPC: you can select its IP address range, create subnets, and configure route tables, network gateways, and security settings.

A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a subnet that you select. Use a public subnet for resources that must be connected to the internet, and a private subnet for resources that won't be connected to the internet.

If a subnet's traffic is routed to an internet gateway, the subnet is known as a public subnet. If a subnet doesn't have a route to the internet gateway, the subnet is known as a private subnet. If a subnet doesn't have a route to the internet gateway, but has its traffic routed to a virtual private gateway, the subnet is known as a VPN-only subnet.

References: Amazon Virtual Private Cloud > User Guide > VPCs and subnets

All Question 300/790


A company runs its production workload on an Amazon Aurora MySQL DB cluster that includes six Aurora Replicas. The company wants near–real–time reporting queries from one of its departments to be automatically distributed across three of the Aurora Replicas. Those three replicas have a different compute and memory specification from the rest of the DB cluster.
Which solution meets these requirements?

B. Create a three-node cluster clone and use the reader endpoint.

All Question 301/790


A company is making a prototype of the infrastructure for its new website by manually provisioning the necessary infrastructure.

This infrastructure includes an Auto Scaling group, an Application Load Balancer, and an Amazon RDS database.

After the configuration has been thoroughly validated, the company wants the capability to immediately deploy the infrastructure for development and production use in two Availability Zones in an automated fashion.

What should a solutions architect recommend to meet these requirements?

B. Define the infrastructure as a template by using the prototype infrastructure as a guide. Deploy the infrastructure with AWS CloudFormation.

All Question 302/790


You are looking at ways to improve some existing infrastructure, as it seems a lot of engineering resources are being taken up with basic management and monitoring tasks and the costs seem to be excessive. You are thinking of deploying Amazon ElastiCache to help.

Which of the following statements is true in regards to ElastiCache?

D. You can improve load and response times to user actions and queries and also reduce the cost associated with scaling web applications.
Amazon ElastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud. Amazon ElastiCache improves the performance of web applications by allowing you to retrieve information from a fast, managed, in-memory caching system, instead of relying entirely on slower disk-based databases. The service simplifies and offloads the management, monitoring and operation of in-memory cache environments, enabling your engineering resources to focus on developing applications. Using Amazon ElastiCache, you can not only improve load and response times to user actions and queries, but also reduce the cost associated with scaling web applications.

References: Amazon ElastiCache FAQs

All Question 303/790


A company wants to identify underutilized instances for Amazon EC2 and Amazon RDS.

The company needs to report on the cost of all underutilized instances and the utilization metrics for each resource.

Which combination of tools and services will provide this data? (Select TWO.)

A. Cost Explorer
D. Amazon CloudWatch

All Question 304/790


A company has developed a database in Amazon RDS for MySQL.

Due to increased use, the support team is reporting slow reads against the DB instance and recommends adding a read replica.

Which combination of actions should a solutions architect take before implementing this change? (Select TWO.)

C. Allow long-running transactions to complete on the source DB instance.
E. Enable automatic backups on the source instance by setting the backup retention period to a value other than 0.

All Question 305/790


A company is deploying a production portal application on AWS. The database tier has structured data.

The company requires a solution that is easily manageable and highly available.

How can these requirements be met?

A. Deploy the database on multiple Amazon EC2 instances backed by Amazon Elastic Block Store (Amazon EBS) across multiple Availability Zones.

All Question 306/790


A company wants to use an AWS Region as a disaster recovery location for its on–premises infrastructure. The company has 10 TB of existing data, and the on–premises data center has a 1 Gbps internet connection. A solutions architect must find a solution so the company can have its existing data on AWS in 72 hours without transmitting it using an unencrypted channel.

Which solution should the solutions architect select?

C. Establish a VPN connection between Amazon VPC and the company's data center.
Keyword: AWS Region as DR for On-premises DC (Existing Data=10TB) + 1G Internet Connection
Condition: 10TB on AWS in 72 Hours + Without Unencrypted Channel

Without Unencrypted Channel = VPN
FTP = Unencrypted Channel

Option A – Out of the race, since this is an unencrypted channel and does not match the condition.
Option B – Out of the race because of the time-bound target; ordering and delivering an AWS Snowball device will take time.
Option C – Wins the race: using the existing 1G internet link, we can transfer this 10TB of data within 24Hrs over an encrypted channel.
Option D – Out of the race because of the time-bound target; ordering and delivering AWS Direct Connect will take time.

References: AWS Snowball > User Guide > Shipping an AWS Snowball device; AWS Direct Connect; Amazon VPC

All Question 307/790


A company is planning to use Amazon S3 to store images uploaded by its users. The images must be encrypted at rest in Amazon S3. The company does not want to spend time managing and rotating the keys, but it does want to control who can access those keys.

What should a solutions architect use to accomplish this?

D. Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)
"Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS Key Management Service (SSE-KMS) is similar to SSE-S3, but with some additional benefits and charges for using this service. There are separate permissions for the use of a CMK that provides added protection against unauthorized access of your objects in Amazon S3. SSE-KMS also provides you with an audit trail that shows when your CMK was used and by whom."

Server-Side Encryption: Using SSE-KMS

You can protect data at rest in Amazon S3 by using three different modes of server-side encryption: SSE-S3, SSE-C, or SSE-KMS.

SSE-S3 requires that Amazon S3 manage the data and master encryption keys. For more information about SSE-S3, see Protecting Data Using Server-Side Encryption with Amazon S3-Managed Encryption Keys (SSE-S3).
SSE-C requires that you manage the encryption key. For more information about SSE-C, see Protecting Data Using Server-Side Encryption with Customer-Provided Encryption Keys (SSE-C).
SSE-KMS requires that AWS manage the data key but you manage the customer master key (CMK) in AWS KMS. The remainder of this topic discusses how to protect data by using server-side encryption with AWS KMS-managed keys (SSE-KMS).

You can request encryption and select a CMK by using the Amazon S3 console or API. In the console, check the appropriate box to perform encryption and select your CMK from the list. For the Amazon S3 API, specify encryption and choose your CMK by setting the appropriate headers in a GET or PUT request.

You can choose a customer managed CMK or the AWS managed CMK for Amazon S3 in your account. Customer managed CMKs are CMKs in your AWS account that you create, own, and manage. You have full control over these CMKs, including establishing and maintaining their key policies, IAM policies, and grants, enabling and disabling them, rotating their cryptographic material, adding tags, creating aliases that refer to the CMK, and scheduling the CMKs for deletion.

For this scenario, the solutions architect should use SSE-KMS with a customer managed CMK. That way KMS will manage the data key but the company can configure key policies defining who can access the keys.

CORRECT: "Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)" is the correct answer.
INCORRECT: "Server-Side Encryption with keys stored in an S3 bucket" is incorrect as you cannot store your keys in a bucket with server-side encryption.
INCORRECT: "Server-Side Encryption with Customer-Provided Keys (SSE-C)" is incorrect as the company does not want to manage the keys.
INCORRECT: "Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)" is incorrect as the company needs to manage access control for the keys which is not possible when they're managed by Amazon.

References: AWS Key Management Service > Developer Guide > Server-Side Encryption: Using SSE-KMS; AWS Key Management Service > Developer Guide > AWS KMS keys concepts

All Question 308/790


A solutions architect is tasked with transferring 750 TB of data from a network–attached file system located at a branch office to Amazon S3 Glacier. The solution must avoid saturating the branch office's low–bandwidth internet connection.

What is the MOST cost–effective solution?

D. Order 10 AWS Snowball appliances and select an Amazon S3 bucket as the destination. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier.
Regional Limitations for AWS Snowball

The AWS Snowball service has two device types, the standard Snowball and the Snowball Edge. The following table highlights which of these devices are available in which regions.

Limitations on Jobs in AWS Snowball

The following limitations exist for creating jobs in AWS Snowball:

For security purposes, data transfers must be completed within 90 days of the Snowball being prepared.
Currently, AWS Snowball Edge device doesn't support server-side encryption with customer-provided keys (SSE-C). AWS Snowball Edge device does support server-side encryption with Amazon S3–managed encryption keys (SSE-S3) and server-side encryption with AWS Key Management Service – managed keys (SSE-KMS). For more information, see Protecting Data Using Server-Side Encryption in the Amazon Simple Storage Service Developer Guide.
In the US regions, Snowballs come in two sizes: 50 TB and 80 TB. All other regions have the 80 TB Snowballs only.
If you're using Snowball to import data, and you need to transfer more data than will fit on a single Snowball, create additional jobs. Each export job can use multiple Snowballs.
The default service limit for the number of Snowballs you can have at one time is 1. If you want to increase your service limit, contact AWS Support.
All objects transferred to the Snowball have their metadata changed. The only metadata that remains the same is filename and filesize. All other metadata is set as in the following example: -rw-rw-r-- 1 root root [filesize] Dec 31 1969 [path/filename].

Object lifecycle management

To manage your objects so that they are stored cost effectively throughout their lifecycle, configure their Amazon S3 Lifecycle. An S3 Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects. There are two types of actions:

Transition actions – Define when objects transition to another storage class. For example, you might choose to transition objects to the S3 Standard-IA storage class 30 days after you created them, or archive objects to the S3 Glacier storage class one year after creating them.
Expiration actions – Define when objects expire. Amazon S3 deletes expired objects on your behalf. The lifecycle expiration costs depend on when you choose to expire objects.

As the company's internet link is low-bandwidth, uploading directly to Amazon S3 (ready for transition to Glacier) would saturate the link. The best alternative is to use AWS Snowball appliances. The Snowball Edge appliance can hold up to 75 TB of data so 10 devices would be required to migrate 750 TB of data. Snowball moves data into AWS using a hardware device and the data is then copied into an Amazon S3 bucket of your choice. From there, lifecycle policies can transition the S3 objects to Amazon S3 Glacier.

CORRECT: "Order 10 AWS Snowball appliances and select an Amazon S3 bucket as the destination. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier" is the correct answer.
INCORRECT: "Order 10 AWS Snowball appliances and select an S3 Glacier vault as the destination. Create a bucket policy to enforce a VPC endpoint" is incorrect as you cannot set a Glacier vault as the destination, it must be an S3 bucket. You also can't enforce a VPC endpoint using a bucket policy.
INCORRECT: "Create an AWS Direct Connect connection and migrate the data straight into Amazon Glacier" is incorrect as this is not the most cost-effective option and takes time to set up.
INCORRECT: "Use AWS Global Accelerator to accelerate upload and optimize usage of the available bandwidth" is incorrect as this service is not used for accelerating or optimizing the upload of data from on-premises networks.

References: AWS Snowball Edge Developer Guide > AWS Snowball Edge Specifications

All Question 309/790


Organizers for a global event want to put daily reports online as static HTML pages. The pages are expected to generate millions of views from users around the world. The files are stored in an Amazon S3 bucket. A solutions architect has been asked to design an efficient and effective solution.

Which action should the solutions architect take to accomplish this?

D. Use Amazon CloudFront with the S3 bucket as its origin.
Using Amazon S3 Origins, MediaPackage Channels, and Custom Origins for Web Distributions

Using Amazon S3 Buckets for Your Origin

When you use Amazon S3 as an origin for your distribution, you place any objects that you want CloudFront to deliver in an Amazon S3 bucket. You can use any method that is supported by Amazon S3 to get your objects into Amazon S3, for example, the Amazon S3 console or API, or a third-party tool. You can create a hierarchy in your bucket to store the objects, just as you would with any other Amazon S3 bucket. Using an existing Amazon S3 bucket as your CloudFront origin server doesn't change the bucket in any way; you can still use it as you normally would to store and access Amazon S3 objects at the standard Amazon S3 price. You incur regular Amazon S3 charges for storing the objects in the bucket.

Using Amazon S3 Buckets Configured as Website Endpoints for Your Origin

You can set up an Amazon S3 bucket that is configured as a website endpoint as custom origin with CloudFront. When you configure your CloudFront distribution, for the origin, enter the Amazon S3 static website hosting endpoint for your bucket. This value appears in the Amazon S3 console, on the Properties tab, in the Static website hosting pane. For example:

http://bucket-name.s3-website-region.amazonaws.com

For more information about specifying Amazon S3 static website endpoints, see Website endpoints in the Amazon Simple Storage Service Developer Guide. When you specify the bucket name in this format as your origin, you can use Amazon S3 redirects and Amazon S3 custom error documents. For more information about Amazon S3 features, see the Amazon S3 documentation.

Using an Amazon S3 bucket as your CloudFront origin server doesn't change it in any way. You can still use it as you normally would and you incur regular Amazon S3 charges. Amazon CloudFront can be used to cache the files in edge locations around the world and this will improve the performance of the webpages.

To serve a static website hosted on Amazon S3, you can deploy a CloudFront distribution using one of these configurations:

Using a REST API endpoint as the origin with access restricted by an origin access identity (OAI)
Using a website endpoint as the origin with anonymous (public) access allowed
Using a website endpoint as the origin with access restricted by a Referer header

CORRECT: "Use Amazon CloudFront with the S3 bucket as its origin" is the correct answer.
INCORRECT: "Generate presigned URLs for the files" is incorrect as this is used to restrict access which is not a requirement.
INCORRECT: "Use cross-Region replication to all Regions" is incorrect as this does not provide a mechanism for directing users to the closest copy of the static webpages.
INCORRECT: "Use the geoproximity feature of Amazon Route 53" is incorrect as this does not include a solution for having multiple copies of the data in different geographic locations.

References: How do I use CloudFront to serve a static website hosted on Amazon S3?

All Question 310/790


A company uses Amazon Redshift for its data warehouse. The company wants to ensure high durability for its data in case of any component failure.

What should a solutions architect recommend?

B. Enable cross-Region snapshots.

All Question 311/790


A company has an application hosted on Amazon EC2 instances in two VPCs across different AWS Regions. To communicate with each other, the instances use the internet for connectivity. The security team wants to ensure that no communication between the instances happens over the internet.

What should a solutions architect do to accomplish this?

D. Create a VPC peering connection and update the route table of the EC2 instances' subnet.

All Question 312/790


A solutions architect is performing a security review of a recently migrated workload. The workload is a web application that consists of Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer.

The solutions architect must improve the security posture and minimize the impact of a DDoS attack on resources.

Which solution is MOST effective?

B. Create a custom AWS Lambda function that adds identified attacks into a common vulnerability pool to capture a potential DDoS attack. Use the identified information to modify a network ACL to block access.

All Question 313/790


A healthcare company stores highly sensitive patient records. Compliance requires that multiple copies be stored in different locations. Each record must be stored for 7 years. The company has a service level agreement (SLA) to provide records to government agencies immediately for the first 30 days and then within 4 hours of a request thereafter.

What should a solutions architect recommend?

A. Use Amazon S3 with cross-Region replication enabled. After 30 days, transition the data to Amazon S3 Glacier using lifecycle policy.

All Question 314/790


An application running on AWS uses an Amazon Aurora Multi–AZ deployment for its database. When evaluating performance metrics, a solutions architect discovered that the database reads are causing high I/O and adding latency to the write requests against the database.

What should the solutions architect do to separate the read requests from the write requests?

C. Create a read replica and modify the application to use the appropriate endpoint.
Amazon RDS Read Replicas provide enhanced performance and durability for RDS database (DB) instances. They make it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput. Read replicas can also be promoted when needed to become standalone DB instances. Read replicas are available in Amazon RDS for MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server as well as Amazon Aurora.

For the MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server database engines, Amazon RDS creates a second DB instance using a snapshot of the source DB instance. It then uses the engines' native asynchronous replication to update the read replica whenever there is a change to the source DB instance. The read replica operates as a DB instance that allows only read-only connections; applications can connect to a read replica just as they would to any DB instance. Amazon RDS replicates all databases in the source DB instance.

Amazon Aurora further extends the benefits of read replicas by employing an SSD-backed virtualized storage layer purpose-built for database workloads. Amazon Aurora replicas share the same underlying storage as the source instance, lowering costs and avoiding the need to copy data to the replica nodes. For more information about replication with Amazon Aurora, see the online documentation.

Amazon Aurora

Aurora Replicas are independent endpoints in an Aurora DB cluster, best used for scaling read operations and increasing availability. Up to 15 Aurora Replicas can be distributed across the Availability Zones that a DB cluster spans within an AWS Region. The DB cluster volume is made up of multiple copies of the data for the DB cluster. However, the data in the cluster volume is represented as a single, logical volume to the primary instance and to Aurora Replicas in the DB cluster.

As well as providing scaling for reads, Aurora Replicas are also targets for multi-AZ. In this case the solutions architect can update the application to read from the Multi-AZ standby instance.

References: Amazon Aurora > User Guide for Aurora > Replication with Amazon Aurora

All Question 315/790


A solutions architect needs to allow developers to have SSH connectivity to web servers. The requirements are as follows:

Limit access to users originating from the corporate
Web servers cannot have SSH access directly from the
Web servers reside in a private
Which combination of steps must the architect complete to meet these requirements? (Select TWO.)

A. Create a bastion host that authenticates users against the corporate directory
E. Deny all SSH traffic from the corporate network in the inbound network ACL.

All Question 316/790


An application running on an Amazon EC2 instance needs to securely access files on an Amazon Elastic File System (Amazon EFS) file system. The EFS files are stored using encryption at rest.

Which solution for accessing the files is MOST secure?

C. Enable AWS Key Management Service (AWS KMS) when mounting Amazon EFS.

All Question 317/790


A company runs multiple Amazon EC2 Linux instances in a VPC with applications that use a hierarchical directory structure. The applications need to rapidly and concurrently read and write to shared storage.

How can this be achieved?

A. Create an Amazon EFS file system and mount it from each EC2 instance.

All Question 318/790


A company hosts its web application on AWS using server Amazon EC2 instances. The company requires that the IP addresses of all healthy EC2 instances be returned in response to DNS queries.

Which policy should be used to meet this requirement?

C. Multivalue routing policy.

All Question 319/790


A company wants to launch a new application using Amazon Route 53, an Application Load Balancer (ALB), and an Amazon EC2 Auto Scaling group. The company is preparing to perform user experience testing and has a limited budget for this phase of the project. Although the company plans to do a load test in the future, it wants to prevent users from load testing at this time because it wants to limit unnecessary EC2 automatic scaling.

What should a solutions architect do to minimize costs of the user experience testing?

B. Deploy AWS WAF on the ALB with a rate-based rule configured to limit the number of requests each client can make.

All Question 320/790


A company has media and application files that need to be shared internally. Users currently are authenticated using Active Directory and access files from a Microsoft Windows platform. The chief executive officer wants to keep the same user permissions, but wants the company to improve the process as the company is reaching its storage capacity limit.

What should a solutions architect recommend?

B. Configure Amazon FSx for Windows File Server and move all the media and application files.

All Question 321/790


A company is backing up on–premises databases to local file server shares using the SMB protocol. The company requires immediate access to 1 week of backup files to meet recovery objectives. Recovery after a week is less likely to occur, and the company can tolerate a delay in accessing those older backup files.

What should a solutions architect do to meet these requirements with the LEAST operational effort?

A. Deploy Amazon FSx for Windows File Server to create a file system with exposed file shares with sufficient storage to hold all the desired backups. References: AWS Storage Blog > Back up your on-premises applications to the cloud using AWS Storage Gateway

All Question 322/790


A company has an application workflow that uses an AWS Lambda function to download and decrypt files from Amazon S3. These files are encrypted using AWS Key Management Service Customer Master Keys (AWS KMS CMKs). A solutions architect needs to design a solution that will ensure the required permissions are set correctly.

Which combination of actions accomplish this? (Choose two.)

B. Grant the decrypt permission for the Lambda IAM role in the KMS key's policy.
E. Create a new IAM role with the kms:decrypt permission and attach the execution role to the Lambda function.

All Question 323/790


A company has a popular gaming platform running on AWS. The application is sensitive to latency because latency can impact the user experience and introduce unfair advantages to some players. The application is deployed in every AWS Region. It runs on Amazon EC2 instances that are part of Auto Scaling groups configured behind Application Load Balancers (ALBs). A solutions architect needs to implement a mechanism to monitor the health of the application and redirect traffic to healthy endpoints.

Which solution meets these requirements?

D. Configure an Amazon DynamoDB database to serve as the data store for the application. Create a DynamoDB Accelerator (DAX) cluster to act as the in-memory cache for DynamoDB hosting the application data.

All Question 324/790


A media company is evaluating the possibility of moving its systems to the AWS Cloud. The company needs at least 10 TB of storage with the maximum possible I/O performance for video processing, 300 TB of very durable storage for storing media content, and 900 TB of storage to meet requirements for archival media that is not in use anymore.

Which set of services should a solutions architect recommend to meet these requirements?

A. Amazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

All Question 325/790


A company running an on–premises application is migrating the application to AWS to increase its elasticity and availability. The current architecture uses a Microsoft SQL Server database with heavy read activity.
The company wants to explore alternate database options and migrate database engines, if needed. Every 4 hours, the development team does a full copy of the production database to populate a test database.

During this period, users experience latency. What should a solutions architect recommend as a replacement database?

D. Use Amazon RDS for SQL Server with a Multi-AZ deployment and read replicas, and restore snapshots from RDS for the test database.

All Question 326/790


A solutions architect is redesigning a monolithic application to be a loosely coupled application composed of two microservices: Microservice A and Microservice B.

Microservice A places messages in a main Amazon Simple Queue Service (Amazon SQS) queue for Microservice B to consume. When Microservice B fails to process a message after four retries, the message needs to be removed from the queue and stored for further investigation.

What should the solutions architect do to meet these requirements?

B. Create an SQS dead-letter queue. Configure the main SQS queue to deliver messages to the dead letter queue after the message has been received four times.

All Question 327/790


A company has a web server running on an Amazon EC2 instance in a public subnet with an Elastic IP address. The default security group is assigned to the EC2 instance. The default network ACL has been modified to block all traffic. A solutions architect needs to make the web server accessible from everywhere on port 443.

Which combination of steps will accomplish this task? (Choose two.)

A. Create a security group with a rule to allow TCP port 443 from source 0.0.0.0/0.
B. Create a security group with a rule to allow TCP port 443 to destination 0.0.0.0/0.

All Question 328/790


A company is developing a video conversion application hosted on AWS. The application will be available in two tiers: a free tier and a paid tier. Users in the paid tier will have their videos converted first and then the free tier users will have their videos converted.

Which solution meets these requirements and is MOST cost–effective?

D. Two standard Amazon Simple Queue Service (Amazon SQS) queues with one for the paid tier and one for the free tier.
In AWS, the queue service is the Simple Queue Service (SQS). Multiple SQS queues can be set up, one for each priority level (for example, a priority queue and a secondary queue). You can also use the delayed message send function to delay process execution.

All Question 329/790


A company has an application that provides marketing services to stores. The services are based on previous purchases by store customers.

The stores upload transaction data to the company through SFTP, and the data is processed and analyzed to generate new marketing offers.

Some of the files can exceed 200 GB in size.

Recently, the company discovered that some of the stores have uploaded files that contain personally identifiable information (PII) that should not have been included.

The company wants administrators to be alerted if PII is shared again. The company also wants to automate remediation.

What should a solutions architect do to meet these requirements with the LEAST development effort?

A. Use an Amazon S3 bucket as a secure transfer point. Use Amazon Inspector to scan the objects in the bucket. If objects contain PII, trigger an S3 Lifecycle policy to remove the objects that contain PII.

All Question 330/790


A company has established a new AWS account. The account is newly provisioned and no changes have been made to the default settings. The company is concerned about the security of the AWS account root user.

What should be done to secure the root user?

B. Create IAM users for daily administrative tasks. Enable multi-factor authentication on the root user.

All Question 331/790


A company has two applications: a sender application that sends messages with payloads to be processed and a processing application intended to receive messages with payloads. The company wants to implement an AWS service to handle messages between the two applications. The sender application can send about 1,000 messages each hour. The messages may take up to 2 days to be processed. If the messages fail to process, they must be retained so that they do not impact the processing of any remaining messages.

Which solution meets these requirements and is the MOST operationally efficient?

C. Integrate the sender and processor applications with an Amazon Simple Queue Service (Amazon SQS) queue. Configure a dead-letter queue to collect the messages that failed to process.

All Question 332/790


A company has applications hosted on Amazon EC2 instances with IPv6 addresses. The applications must initiate communications with other external applications using the internet. However, the company's security policy states that any external service cannot initiate a connection to the EC2 instances. What should a solutions architect recommend to resolve this issue?

D. Create an egress-only internet gateway and make it the destination of the subnet's route table.

All Question 333/790


A company receives data from millions of users totaling about 1 TB each day. The company provides its users with usage reports going back 12 months. All usage data must be stored for at least 5 years to comply with regulatory and auditing requirements.

Which storage solution is MOST cost–effective?

A. Store the data in Amazon S3 Standard. Set a lifecycle rule to transition the data to S3 Glacier Deep Archive after 1 year. Set a lifecycle rule to delete the data after 5 years.

All Question 334/790


An edge location refers to which Amazon Web Service?

C. An edge location is the location of the data center used for Amazon CloudFront.
Amazon CloudFront is a content distribution network. A content delivery network or content distribution network (CDN) is a large distributed system of servers deployed in multiple data centers across the world. The location of the data center used for CDN is called edge location. Amazon CloudFront can cache static content at each edge location. This means that your popular static content (e.g., your site's logo, navigational images, cascading style sheets, JavaScript code, etc.) will be available at a nearby edge location for the browsers to download with low latency and improved performance for viewers. Caching popular static content with Amazon CloudFront also helps you offload requests for such files from your origin server – CloudFront serves the cached copy when available and only makes a request to your origin server if the edge location receiving the browser's request does not have a copy of the file. References: Amazon CloudFront

All Question 335/790


A company built an application that lets users check in to places they visit, rank the places, and add reviews about their experiences. The application is successful with a rapid increase in the number of users every month.

The chief technology officer fears the database supporting the current infrastructure may not handle the new load the following month because the single Amazon RDS for MySQL instance has triggered alarms related to resource exhaustion due to read requests.

What can a solutions architect recommend to prevent service interruptions at the database layer with minimal changes to code?

A. Create RDS read replicas and redirect read-only traffic to the read replica endpoints. Enable a Multi-AZ deployment.

All Question 336/790


A company runs a photo processing application that needs to frequently upload and download pictures from Amazon S3 buckets that are located in the same AWS Region. A solutions architect has noticed an increased cost in data transfer fees and needs to implement a solution to reduce these costs.

How can the solutions architect meet this requirement?

C. Deploy the application into a public subnet and allow it to route through an internet gateway to access the S3 buckets

All Question 337/790


A company processes large amounts of data. The output data is stored in Amazon S3 Standard storage in an S3 bucket, where it is analyzed for 1 month. The data must remain immediately accessible after the 1–month analysis period.

Which storage solution meets these requirements MOST cost–effectively?

B. Configure S3 Intelligent-Tiering to transition the objects to S3 Glacier after 30 days.

All Question 338/790


A solutions architect needs to design a network that will allow multiple Amazon EC2 instances to access a common data source used for mission–critical data that can be accessed by all the EC2 instances simultaneously. The solution must be highly scalable, easy to implement, and support the NFS protocol.

Which solution meets these requirements?

A. Create an Amazon EFS file system. Configure a mount target in each Availability Zone. Attach each instance to the appropriate mount target.

All Question 339/790


A company is using Amazon DynamoDB with provisioned throughput for the database tier of its eCommerce website. During flash sales, customers experience periods of time when the database cannot handle the high number of transactions taking place. This causes the company to lose transactions. During normal periods, the database performs appropriately.

Which solution solves the performance problem the company faces?

A. Switch DynamoDB to on-demand mode during flash sales.

All Question 340/790


A solutions architect is designing a VPC with public and private subnets. The VPC and subnets use IPv4 CIDR blocks. There is one public subnet and one private subnet in each of three Availability Zones (AZs) for high availability. An internet gateway is used to provide internet access for the public subnets. The private subnets require access to the internet to allow Amazon EC2 instances to download software updates.

What should the solutions architect do to enable internet access for the private subnets?

B. Create three NAT instances, one for each private subnet in each AZ. Create a private route table for each AZ that forwards non-VPC traffic to the NAT instance in its AZ.

All Question 341/790


A company is planning to migrate a legacy application to AWS. The application currently uses NFS to communicate to an on–premises storage solution to store application data. The application cannot be modified to use any other communication protocols other than NFS for this purpose.

Which storage solution should a solutions architect recommend for use after the migration?

C. Amazon Elastic File System (Amazon EFS)

All Question 342/790


A solutions architect is designing an architecture to run a third–party database server. The database software is memory intensive and has a CPU–based licensing model where the cost increases with the number of vCPU cores within the operating system. The solutions architect must select an Amazon EC2 instance with sufficient memory to run the database software, but the selected instance has a large number of vCPUs. The solutions architect must ensure that the vCPUs will not be underutilized and must minimize costs.

Which solution meets these requirements?

A. Select and launch a smaller EC2 instance with an appropriate number of vCPUs.

All Question 343/790


A company finds that, as its use of Amazon EC2 instances grows, its Amazon Elastic Block Store (Amazon EBS) storage costs are increasing faster than expected.

Which EBS management practices would help reduce costs? (Select TWO.)

B. Monitor and enforce that the Delete on termination attribute is set to true for all EBS volumes, unless persistence requirements dictate otherwise.
D. For EBS volumes needed for retention purposes that are not being actively used, take a snapshot and terminate the instance and volume.

All Question 344/790


A company hosts historical weather records in Amazon S3. The records are downloaded from the company's website by way of a URL that resolves to a domain name. Users all over the world access this content through subscriptions. A third–party provider hosts the company's root domain name, but the company recently migrated some of its services to Amazon Route 53. The company wants to consolidate contracts, reduce latency for users, and reduce costs related to serving the application to subscribers.

Which solution meets these requirements?

B. Create a web distribution on Amazon CloudFront to serve the S3 content for the application. Create an ALIAS record in the Amazon Route 53 hosted zone that points to the CloudFront distribution, resolving to the application's URL domain name.

All Question 345/790


A company has a three–tier environment on AWS that ingests sensor data from its users' devices. The traffic flows through a Network Load Balancer (NLB), then to Amazon EC2 instances for the web tier, and finally to EC2 instances for the application tier that makes database calls.



What should a solutions architect do to improve the security of data in transit to the web tier?

A. Configure a TLS listener and add the server certificate on the NLB.
User – NLB – EC2 (Web) + DB

All Question 346/790


A solutions architect must create a highly available bastion host architecture. The solution needs to be resilient within a single AWS Region and should require only minimal effort to maintain.

What should the solutions architect do to meet these requirements?

D. Create a Network Load Balancer backed by an Auto Scaling group with instances in multiple Availability Zones as the target.

All Question 347/790


A company is running a multi–tier web application on–premises. The web application is containerized and runs on a number of Linux hosts connected to a PostgreSQL database that contains user records. The operational overhead of maintaining the infrastructure and capacity planning is limiting the company's growth. A solutions architect must improve the application's infrastructure.

Which combination of actions should the solutions architect take to accomplish this? (Select TWO.)

A. Migrate the PostgreSQL database to Amazon Aurora
E. Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS)

All Question 348/790


A solutions architect is designing a system to analyze the performance of financial markets while the markets are closed. The system will run a series of compute–intensive jobs for 4 hours every night. The time to complete the compute jobs is expected to remain constant, and jobs cannot be interrupted once started. Once completed, the system is expected to run for a minimum of 1 year.

Which type of Amazon EC2 instances should be used to reduce the cost of the system?

D. Scheduled Reserved Instances
Scheduled Reserved Instances (Scheduled Instances) enable you to purchase capacity reservations that recur on a daily, weekly, or monthly basis, with a specified start time and duration, for a one-year term. You reserve the capacity in advance, so that you know it is available when you need it. You pay for the time that the instances are scheduled, even if you do not use them. Scheduled Instances are a good choice for workloads that do not run continuously, but do run on a regular schedule. For example, you can use Scheduled Instances for an application that runs during business hours or for batch processing that runs at the end of the week.

CORRECT: "Scheduled Reserved Instances" is the correct answer.
INCORRECT: "Standard Reserved Instances" is incorrect as the workload only runs for 4 hours a day this would be more expensive.
INCORRECT: "On-Demand Instances" is incorrect as this would be much more expensive as there is no discount applied.
INCORRECT: "Spot Instances" is incorrect as the workload cannot be interrupted once started. With Spot instances workloads can be terminated if the Spot price changes or capacity is required.

References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Scheduled Reserved Instances

All Question 349/790


A company has an application with a REST–based interface that allows data to be received in near–real time from a third–party vendor. Once received, the application processes and stores the data for further analysis.
The application is running on Amazon EC2 instances.

The third–party vendor has received many 503 Service Unavailable Errors when sending data to the application. When the data volume spikes, the compute capacity reaches its maximum limit and the application is unable to process all requests.

Which design should a solutions architect recommend to provide a more scalable solution?

A. Use Amazon Kinesis Data Streams to ingest the data. Process the data using AWS Lambda functions.

All Question 350/790


A company manages a data lake in an Amazon S3 bucket that numerous applications share. The S3 bucket contains unique folders with a prefix for each application.

The company wants to restrict each application to its specific folder and have more granular control of the objects in each folder.

Which solution meets these requirements with the LEAST amount of effort?

B. Create an S3 Batch Operations job to set the ACL permissions for each object in the S3 bucket.

All Question 351/790


A company is building a web application that serves a content management system. The content management system runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances run in an Auto Scaling group across multiple Availability Zones. Users are constantly adding and updating files, blogs, and other website assets in the content management system.

A solutions architect must implement a solution in which all the EC2 instances share up–to–date website content with the least possible lag time.

Which solution meets these requirements?

A. Update the EC2 user data in the Auto Scaling group lifecycle policy to copy the website assets from the EC2 instance that was launched most recently. Configure the ALB to make changes to the website assets only in the newest EC2 instance.

All Question 352/790



What is the FASTEST way to aggregate data from all of these global sites?

B. Upload site data to an Amazon S3 bucket in the closest AWS Region. Use S3 cross-Region replication to copy objects to the destination bucket.

All Question 353/790


A company needs to comply with a regulatory requirement that states all emails must be stored and archived externally for 7 years.

An administrator has created compressed email files on–premises and wants a managed service to transfer the files to AWS storage.

Which managed service should a solutions architect recommend?

D. AWS Storage Gateway.

All Question 354/790


A company is running an eCommerce application on Amazon EC2. The application consists of a stateless web tier that requires a minimum of 10 instances, and a peak of 250 instances to support the application's usage. The application requires 50 instances 80% of the time.

Which solution should be used to minimize costs?

D. Purchase Reserved Instances to cover 50 instances. Use On-Demand and Spot Instances to cover the remaining instances.
Reserved Instances: Having 50 EC2 RIs provides a discounted hourly rate and an optional capacity reservation for EC2 instances. AWS Billing automatically applies your RI's discounted rate when attributes of EC2 instance usage match attributes of an active RI. If an Availability Zone is specified, EC2 reserves capacity matching the attributes of the RI. The capacity reservation of an RI is automatically utilized by running instances matching these attributes. You can also choose to forego the capacity reservation and purchase an RI that is scoped to a region. RIs that are scoped to a region automatically apply the RI's discount to instance usage across AZs and instance sizes in a region, making it easier for you to take advantage of the RI's discounted rate.

On-Demand Instances: On-Demand instances let you pay for compute capacity by the hour or second (minimum of 60 seconds) with no long-term commitments. This frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs. The pricing below includes the cost to run private and public AMIs on the specified operating system ("Windows Usage" prices apply to Windows Server 2003 R2, 2008, 2008 R2, 2012, 2012 R2, 2016, and 2019). Amazon also provides you with additional instances for Amazon EC2 running Microsoft Windows with SQL Server, Amazon EC2 running SUSE Linux Enterprise Server, Amazon EC2 running Red Hat Enterprise Linux and Amazon EC2 running IBM that are priced differently.

Spot Instances: A Spot Instance is an unused EC2 instance that is available for less than the On-Demand price. Because Spot Instances enable you to request unused EC2 instances at steep discounts, you can lower your Amazon EC2 costs significantly. The hourly price for a Spot Instance is called a Spot price. The Spot price of each instance type in each Availability Zone is set by Amazon EC2, and adjusted gradually based on the long-term supply of and demand for Spot Instances. Your Spot Instance runs whenever capacity is available and the maximum price per hour for your request exceeds the Spot price.

All Question 355/790


A company runs an application on a group of Amazon Linux EC2 instances. The application writes log files using standard API calls. For compliance reasons, all log files must be retained indefinitely and will be analyzed by a reporting tool that must access all files concurrently.

Which storage service should a solutions architect use to provide the MOST cost–effective solution?

D. Amazon S3
Amazon S3: Requests to Amazon S3 can be authenticated or anonymous. Authenticated access requires credentials that AWS can use to authenticate your requests. When making REST API calls directly from your code, you create a signature using valid credentials and include the signature in your request.

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements. Amazon S3 is designed for 99.999999999% (11 9's) of durability, and stores data for millions of applications for companies all around the world.

The application is writing the files using API calls which means it will be compatible with Amazon S3 which uses a REST API. S3 is a massively scalable key-based object store that is well-suited to allowing concurrent access to the files from many instances. Amazon S3 will also be the most cost-effective choice. A rough calculation using the AWS pricing calculator shows the cost differences between 1TB of storage on EBS, EFS, and S3 Standard.

CORRECT: "Amazon S3" is the correct answer.
INCORRECT: "Amazon EFS" is incorrect as though this does offer concurrent access from many EC2 Linux instances, it is not the most cost-effective solution.
INCORRECT: "Amazon EBS" is incorrect. The Elastic Block Store (EBS) is not a good solution for concurrent access from many EC2 instances and is not the most cost-effective option either. EBS volumes are mounted to a single instance except when using multi-attach which is a new feature and has several constraints.
INCORRECT: "Amazon EC2 instance store" is incorrect as this is an ephemeral storage solution which means the data is lost when powered down. Therefore, this is not an option for long-term data storage.

References: Amazon Simple Storage Service > User Guide > Best practices design patterns: optimizing Amazon S3 performance

All Question 356/790


In Amazon AWS, which of the following statements is true of key pairs?

B. Key pairs are used only for Amazon EC2 and Amazon CloudFront.
Key pairs consist of a public and private key, where you use the private key to create a digital signature, and then AWS uses the corresponding public key to validate the signature. Key pairs are used only for Amazon EC2 and Amazon CloudFront. References: AWS General Reference > Reference guide > Understanding and getting your AWS credentials

All Question 357/790


A company experienced a breach from an attacker on its on–premises network.

The attacker launched port scanning, waged an outbound DoS attack, and performed cryptocurrency mining.

The company is moving to AWS to build a more resilient architecture that monitors and remediates this type of attack at the account level.

How should the company use AWS services to meet these requirements?

A. Enable Amazon GuardDuty to generate findings. Trigger AWS Lambda for automated remediation of identified threats.

All Question 358/790


A company receives inconsistent service from its data center provider because the company is headquartered in an area affected by natural disasters. The company is not ready to fully migrate to the AWS Cloud, but it wants a failover environment on AWS in case the on–premises data center fails.

The company runs web servers that connect to external vendors. The data available on AWS and on–premises must be uniform.

Which solution should a solutions architect recommend that has the LEAST amount of downtime?

A. Configure an Amazon Route 53 failover record. Run application servers on Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group. Set up AWS Storage Gateway with stored volumes to back up data to Amazon S3.

All Question 359/790


A company is creating a three–tier web application consisting of a web server, an application server, and a database server. The application will track GPS coordinates of packages as they are being delivered. The application will update the database every 0–5 seconds.

The tracking will need to read as fast as possible for users to check the status of their packages. Only a few packages might be tracked on some days, whereas millions of packages might be tracked on other days. Tracking will need to be searchable by tracking ID, customer ID, and order ID. Orders older than 1 month no longer need to be tracked.

What should a solutions architect recommend to accomplish this with minimal cost of ownership?

B. Use Amazon DynamoDB with global secondary indexes. Enable Auto Scaling on the DynamoDB table and the global secondary indexes. Enable TTL on the DynamoDB table.

All Question 360/790


A company has an application that uses overnight digital images of products on store shelves to analyze inventory data. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) and obtains the images from an Amazon S3 bucket for its metadata to be processed by worker nodes for analysis. A solutions architect needs to ensure that every image is processed by the worker nodes.

What should the solutions architect do to meet this requirement in the MOST cost–efficient way?

B. Process the image metadata by sending it directly to EC2 Reserved Instances in an Auto Scaling group. With a dynamic scaling policy, use an Amazon CloudWatch metric for average CPU utilization of the Auto Scaling group as soon as the front-end application obtains the images.

All Question 361/790


An application allows users at a company's headquarters to access product data. The product data is stored in an Amazon RDS MySQL DB instance. The operations team has isolated an application performance slowdown and wants to separate read traffic from write traffic. A solutions architect needs to optimize the application's performance quickly.

What should the solutions architect recommend?

D. Create read replicas for the database. Configure the read replicas with the same compute and storage resources as the source database.

All Question 362/790


A company is working with an external vendor that requires write access to the company's Amazon Simple Queue Service (Amazon SQS) queue. The vendor has its own AWS account.

What should a solutions architect do to implement least privilege access?

D. Create a cross-account role with access to all SQS queues and use the vendor's AWS account in the trust document for the role.

All Question 363/790


A company has an on–premises business application that generates hundreds of files each day. These files are stored on an SMB file share and require a low–latency connection to the application servers. A new company policy states all application–generated files must be copied to AWS. There is already a VPN connection to AWS.

The application development team does not have time to make the necessary code modifications to move the application to AWS.

Which service should a solutions architect recommend to allow the application to copy files to AWS?

D. AWS Storage Gateway
The files will be on the storage gateway with low latency and copied to AWS as a second copy. FSx in AWS will not provide low latency for the on-prem apps over a VPN to the FSx file system.

All Question 364/790


A company wants to improve the availability and performance of its stateless UDP–based workload. The workload is deployed on Amazon EC2 instances in multiple AWS Regions.

What should a solutions architect recommend to accomplish this?

D. Place the EC2 instances behind Application Load Balancers (ALBs) in each Region. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the ALBs.

All Question 365/790


53 latency–based routing to route requests to its UDP–based application for users around the world. The application is hosted on redundant servers in the company's on–premises data centers in the United States, Asia, and Europe. The company's compliance requirements state that the application must be hosted on–premises. The company wants to improve the performance and availability of the application.

What should a solutions architect do to meet these requirements?

C. Configure three Network Load Balancers (NLBs) in the three AWS Regions to address the on-premises endpoints in Route 53. Create a latency-based record that points to the three NLBs, and use it as an origin for an Amazon CloudFront distribution. Provide access to the application by using a CNAME that points to the CloudFront DNS.

All Question 366/790


A solutions architect needs to design a network that will allow multiple Amazon EC2 instances to access a common data source used for mission–critical data that can be accessed by all the EC2 instances simultaneously. The solution must be highly scalable, easy to implement and support the NFS protocol.

Which solution meets these requirements?

A. Create an Amazon EFS file system. Configure a mount target in each Availability Zone. Attach each instance to the appropriate mount target.

All Question 367/790


A company is preparing to migrate its on–premises application to AWS. The application consists of application servers and a Microsoft SQL Server database. The database cannot be migrated to a different engine because SQL Server features are used in the application's .NET code. The company wants to attain the greatest availability possible while minimizing operational and management overhead.



What should a solutions architect do to accomplish this?

B. Migrate the data to Amazon RDS for SQL Server in a Multi-AZ deployment.

All Question 368/790


A company runs a web application that is backed by Amazon RDS. A new database administrator caused data loss by accidentally editing information in a database table. To help recover from this type of incident, the company wants the ability to restore the database to its state from 5 minutes before any change within the last 30 days.

Which feature should the solutions architect include in the design to meet this requirement?

C. Automated backups

All Question 369/790


A company has a two–tier application architecture that runs in public and private subnets. Amazon EC2 instances running the web application are in the public subnet and a database runs on the private subnet.

The web application instances and the database are running in a single Availability Zone (AZ).

Which combination of steps should a solutions architect take to provide high availability for this architecture? (Choose two.)

B. Create an Amazon EC2 Auto Scaling group and Application Load Balancer spanning multiple AZs.
E. Create new public and private subnets in the same VPC, each in a new AZ. Migrate the database to an Amazon RDS multi-AZ deployment.
You would want the EC2 instances to have high availability by placing them in multiple AZs.

All Question 370/790


Which of the below mentioned options is not available when an instance is launched by Auto Scaling with EC2 Classic?

B. Elastic IP
Auto Scaling supports both EC2 classic and EC2-VPC. When an instance is launched as a part of EC2 classic, it will have the public IP and DNS as well as the private IP and DNS. References: Amazon EC2 Auto Scaling > User Guide > Getting started with Amazon EC2 Auto Scaling

All Question 371/790


A company is using Amazon CloudFront with its website.

The company has enabled logging on the CloudFront distribution, and logs are saved in one of the company's Amazon S3 buckets.

The company needs to perform advanced analysis on the logs and build visualizations.

What should a solutions architect do to meet these requirements?

D. Use standard SQL queries in Amazon DynamoDB to analyze the CloudFront logs in the S3 bucket. Visualize the results with Amazon QuickSight.

All Question 372/790


In EC2, what happens to the data in an instance store if an instance reboots (either intentionally or unintentionally)?

B. Data persists in the instance store.
The data in an instance store persists only during the lifetime of its associated instance. If an instance reboots (intentionally or unintentionally), data in the instance store persists. However, data on instance store volumes is lost under the following circumstances: failure of an underlying drive; stopping an Amazon EBS-backed instance; terminating an instance.
References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Amazon EC2 instance store

All Question 373/790


To specify a resource in a policy statement, in Amazon EC2, can you use its Amazon Resource Name (ARN)?

A. Yes, you can.
Some Amazon EC2 API actions allow you to include specific resources in your policy that can be created or modified by the action. To specify a resource in the statement, you need to use its Amazon Resource Name (ARN). References: Amazon EC2 User Guide

All Question 374/790


A company wants to monitor its AWS costs for financial review. The cloud operations team is designing an architecture in the AWS Organizations master account to query AWS Cost and Usage Reports for all member accounts.

The team must run this query once a month and provide a detailed analysis of the bill.

Which solution is the MOST scalable and cost–effective way to meet these requirements?

B. Enable Cost and Usage Reports in the master account. Deliver the reports to Amazon S3. Use Amazon Athena for analysis.

All Question 375/790


A company is using a VPC peering strategy to connect its VPCs in a single Region to allow for cross–communication. A recent increase in account creations and VPCs has made it difficult to maintain the VPC peering strategy, and the company expects to grow to hundreds of VPCs.

There are also new requests to create site–to–site VPNs with some of the VPCs. A solutions architect has been tasked with creating a centrally managed networking setup for multiple accounts, VPCs, and VPNs.

Which networking solution meets these requirements?

D. Configure a transit gateway with AWS Transit Gateway and connect all VPCs and VPNs.

All Question 376/790


A company uses an Amazon S3 bucket to store static images for its website. The company configured permissions to allow access to Amazon S3 objects by privileged users only.

What should a solutions architect do to protect against data loss? (Choose two.)

A. Enable versioning on the S3 bucket.
E. Use MFA Delete to require multi-factor authentication to delete an object.

All Question 377/790


You are trying to launch an EC2 instance, however the instance seems to go into a terminated status immediately. What would probably not be a reason that this is happening?

C. You need to create storage in EBS first.
Amazon EC2 provides virtual computing environments, known as instances. After you launch an instance, AWS recommends that you check its status to confirm that it goes from the pending status to the running status, not the terminated status. The following are a few reasons why an Amazon EBS-backed instance might immediately terminate: You've reached your volume limit. The AMI is missing a required part. The snapshot is corrupt.
References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Instance terminates immediately

All Question 378/790


A solutions architect is designing the storage architecture for a new web application used for storing and viewing engineering drawings. All application components will be deployed on the AWS infrastructure.

The application design must support caching to minimize the amount of time that users wait for the engineering drawings to load. The application must be able to store petabytes of data. Which combination of storage and caching should the solutions architect use?

A. Amazon S3 with Amazon CloudFront
CloudFront for caching and S3 as the origin. Glacier is used for archiving which is not the case for this scenario.

All Question 379/790


A company wants to deploy an additional Amazon Aurora MySQL DB cluster for development purposes.

The cluster will be used several times a week for a few minutes to debug production query issues.

The company wants to keep overhead low for this resource.

Which solution meets the company's requirements MOST cost–effectively?

D. Create an AWS Lambda function to stop DB instances if there are no active connections

All Question 380/790


A company is developing a data lake solution in Amazon S3 to analyze large scale datasets. The solution makes infrequent SQL queries only. In addition, the company wants to minimize infrastructure costs.

Which AWS service should be used to meet these requirements?

B. Amazon Redshift Spectrum

All Question 381/790


A company recently started using Amazon Aurora as the data store for its global eCommerce application.

When large reports are run, developers report that the eCommerce application is performing poorly. After reviewing metrics in Amazon CloudWatch, a solutions architect finds that the ReadIOPS and CPU Utilization metrics are spiking when monthly reports run.

What is the MOST cost–effective solution?

D. Increase the Provisioned IOPS on the Aurora instance.

All Question 382/790


A company has an application that generates a large number of files, each approximately 5 MB in size. The files are stored in Amazon S3. Company policy requires the files to be stored for 4 years before they can be deleted. Immediate accessibility is always required as the files contain critical business data that is not easy to reproduce. The files are frequently accessed in the first 30 days of the object creation but are rarely accessed after the first 30 days.

Which storage solution is MOST cost–effective?

C. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation. Delete the files 4 years after object creation.

All Question 383/790


A solutions architect is designing an application for a two–step order process. The first step is synchronous and must return to the user with little latency. The second step takes longer, so it will be implemented in a separate component. Orders must be processed exactly once and in the order in which they are received.

How should the solutions architect integrate these components?

A. Use Amazon SQS FIFO queues.
"Standard queues provide at-least-once delivery, which means that each message is delivered at least once. FIFO queues provide exactly-once processing, which means that each message is delivered once and remains available until a consumer processes it and deletes it. Duplicates are not introduced into the queue." References: Amazon Simple Queue Service > Developer Guide > What is Amazon Simple Queue Service?

All Question 384/790


An application runs on Amazon EC2 instances across multiple Availability Zones. The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer. The application performs best when the CPU utilization of the EC2 instances is at or near 40%.

What should a solutions architect do to maintain the desired performance across all instances in the group?

B. Use a target tracking policy to dynamically scale the Auto Scaling group.
"With target tracking scaling policies, you select a scaling metric and set a target value. Amazon EC2 Auto Scaling creates and manages the CloudWatch alarms that trigger the scaling policy and calculates the scaling adjustment based on the metric and the target value. The scaling policy adds or removes capacity as required to keep the metric at, or close to, the specified target value. In addition to keeping the metric close to the target value, a target tracking scaling policy also adjusts to changes in the metric due to a changing load pattern. For example, you can use target tracking scaling to: Configure a target tracking scaling policy to keep the average aggregate CPU utilization of your Auto Scaling group at 40 percent. Configure a target tracking scaling policy to keep the request count per target of your Application Load Balancer target group at 1000 for your Auto Scaling group."
CORRECT: "Use a target tracking policy to dynamically scale the Auto Scaling group" is the correct answer.
INCORRECT: "Use a simple scaling policy to dynamically scale the Auto Scaling group" is incorrect as target tracking is a better way to keep the aggregate CPU usage at around 40%.
INCORRECT: "Use an AWS Lambda function to update the desired Auto Scaling group capacity" is incorrect as this can be done automatically.
INCORRECT: "Use scheduled scaling actions to scale up and scale down the Auto Scaling group" is incorrect as dynamic scaling is required to respond to changes in utilization.
References: Amazon EC2 Auto Scaling > User Guide > Target tracking scaling policies for Amazon EC2 Auto Scaling

All Question 385/790


A solutions architect is designing an architecture that includes web application and database tiers. The web tier must be capable of auto scaling. The solutions architect has decided to separate each tier into its own subnets. The design includes two public subnets and four private subnets. The security team requires that tiers be able to communicate with each other only when there is a business need and that all other network traffic be blocked.

What should the solutions architect do to meet these requirements?

D. Create network ACLs in all six subnets to limit traffic to the sources and destinations required for the application to function

All Question 386/790


An application launched on Amazon EC2 instances needs to publish personally identifiable information (PII) about customers using Amazon Simple Notification Service (Amazon SNS). The application is launched in private subnets within an Amazon VPC.

What is the MOST secure way to allow the application to access service endpoints in the same AWS Region?

B. Use AWS PrivateLink

All Question 387/790


An application calls a service run by a vendor.

The vendor charges based on the number of calls.

The finance department needs to know the number of calls that are made to the service to validate the billing statements.

How can a solutions architect design a system to durably store the number of calls without requiring changes to the application?

C. Publish a custom Amazon CloudWatch metric that counts calls to the service

All Question 388/790


A media company is evaluating the possibility of moving its systems to the AWS Cloud. The company needs at least 10 TB of storage with the maximum possible I/O performance for video processing, 300 TB of very durable storage for storing media content, and 900 TB of storage to meet requirements for archival media that is not in use anymore.

Which set of services should a solutions architect recommend to meet these requirements?

A. Amazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

All Question 389/790


A solutions architect must migrate a Windows Internet Information Services (IIS) web application to AWS.

The application currently relies on a file share hosted in the user's on–premises network–attached storage (NAS). The solutions architect has proposed migrating the IIS web servers.

Which replacement to the on–premises file share is MOST resilient and durable?

C. Migrate the file share to Amazon FSx for Windows File Server.

All Question 390/790


A software vendor is deploying a new software–as–a–service (SaaS) solution that will be utilized by many AWS users. The service is hosted in a VPC behind a Network Load Balancer. The software vendor wants to provide access to this service to users with the least amount of administrative overhead and without exposing the service to the public internet.

What should a solutions architect do to accomplish this goal?

C. Connect the service in the VPC with an AWS PrivateLink endpoint. Have users subscribe to the endpoint.

All Question 391/790


A company is creating a new application that will store a large amount of data.

The data will be analyzed hourly and will be modified by several Amazon EC2 Linux instances that are deployed across multiple Availability Zones.

The needed amount of storage space will continue to grow for the next 6 months.

Which storage solution should a solutions architect recommend to meet these requirements?

A. Store the data in Amazon S3 Glacier. Update the S3 Glacier vault policy to allow access to the application instances.

All Question 392/790


A company is hosting 60 TB of production–level data in an Amazon S3 bucket. A solutions architect needs to bring that data on–premises for quarterly audit requirements. This export of data must be encrypted while in transit. The company has low network bandwidth in place between AWS and its on–premises data center.

What should the solutions architect do to meet these requirements?

D. Deploy an AWS Snowball device in the on-premises data center after completing an export job request in the AWS Snowball console.
AWS Snowball with the Snowball device has the following features: 80 TB and 50 TB models are available in US Regions; 50 TB model available in all other AWS Regions. References: AWS Snowball > User Guide > What Is an AWS Snowball Device?

All Question 393/790


A company has a website running on Amazon EC2 instances across two Availability Zones. The company is expecting spikes in traffic on specific holidays, and wants to provide a consistent user experience. How can a solutions architect meet this requirement?

D. Use scheduled scaling.

All Question 394/790


A solutions architect needs to ensure that API calls to Amazon DynamoDB from Amazon EC2 instances in a VPC do not traverse the internet.

What should the solutions architect do to accomplish this? (Choose two.)

A. Create a route table entry for the endpoint.
B. Create a gateway endpoint for DynamoDB.
A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.
Gateway endpoints: A gateway endpoint is a gateway that you specify as a target for a route in your route table for traffic destined to a supported AWS service. The following AWS services are supported: Amazon S3 and DynamoDB. Amazon DynamoDB and Amazon S3 support gateway endpoints, not interface endpoints. With a gateway endpoint you create the endpoint in the VPC, attach a policy allowing access to the service, and then specify the route table to create a route table entry in.
CORRECT: "Create a route table entry for the endpoint" is a correct answer.
CORRECT: "Create a gateway endpoint for DynamoDB" is also a correct answer.
INCORRECT: "Create a new DynamoDB table that uses the endpoint" is incorrect as it is not necessary to create a new DynamoDB table.
INCORRECT: "Create an ENI for the endpoint in each of the subnets of the VPC" is incorrect as an ENI is used by an interface endpoint, not a gateway endpoint.
INCORRECT: "Create a VPC peering connection between the VPC and DynamoDB" is incorrect as you cannot create a VPC peering connection between a VPC and a public AWS service as public services are outside of VPCs.
References: Amazon Virtual Private Cloud > AWS PrivateLink > Gateway VPC endpoints

All Question 395/790


A company is automating an order management application. The company's development team has decided to use SFTP to transfer and store the business–critical information files. The files must be encrypted and must be highly available. The files also must be automatically deleted a month after they are created.

Which solution meets these requirements with the LEAST operational overhead?

D. Configure an Amazon S3 bucket with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the S3 bucket. Apply S3 Lifecycle rules to automatically delete the files after a month.

All Question 396/790


A company wants to build an online marketplace application on AWS as a set of loosely coupled microservices. For this application, when a customer submits a new order, two microservices should handle the event simultaneously. The Email microservice will send a confirmation email and the order processing microservice will start the order delivery process. If a customer cancels an order, the order cancellation and Email microservices should handle the event simultaneously.

A solutions architect wants to use Amazon Simple Queue Service (Amazon SQS) and Amazon Simple Notification Service (Amazon SNS) to design the messaging between the microservices.

How should the solutions architect design the solution?

C. Create an SNS topic and publish order events to it. Create three SQS queues for the Email, OrderProcessing, and OrderCancellation microservices. Subscribe all SQS queues to the SNS topic with message filtering.

All Question 397/790


A manufacturing company wants to implement predictive maintenance on its machinery equipment. The company will install thousands of IoT sensors that will send data to AWS in real time. A solutions architect is tasked with implementing a solution that will receive events in an ordered manner for each machinery asset and ensure that data is saved for further processing at a later time.

Which solution would be MOST efficient?

A. Use Amazon Kinesis Data Streams for real-time events with a partition for each equipment asset. Use Amazon Kinesis Data Firehose to save data to Amazon S3.
Amazon SQS Introduces FIFO Queues with Exactly-Once Processing and Lower Prices for Standard Queues: You can now use Amazon Simple Queue Service (SQS) for applications that require messages to be processed in a strict sequence and exactly once using First-in, First-out (FIFO) queues. FIFO queues are designed to ensure that the order in which messages are sent and received is strictly preserved and that each message is processed exactly once. Amazon SQS is a reliable and highly-scalable managed message queue service for storing messages in transit between application components. FIFO queues complement the existing Amazon SQS standard queues, which offer high throughput, best-effort ordering, and at-least-once delivery. FIFO queues have essentially the same features as standard queues, but provide the added benefits of supporting ordering and exactly-once processing. FIFO queues provide additional features that help prevent unintentional duplicates from being sent by message producers or from being received by message consumers. Additionally, message groups allow multiple separate ordered message streams within the same queue.
Amazon Kinesis Data Streams collect and process data in real time. A Kinesis data stream is a set of shards. Each shard has a sequence of data records. Each data record has a sequence number that is assigned by Kinesis Data Streams. A shard is a uniquely identified sequence of data records in a stream. A partition key is used to group data by shard within a stream. Kinesis Data Streams segregates the data records belonging to a stream into multiple shards. It uses the partition key that is associated with each data record to determine which shard a given data record belongs to.
For this scenario, the solutions architect can use a partition key for each device. This will ensure the records for that device are grouped by shard and the shard will ensure ordering. Amazon S3 is a valid destination for saving the data records.
CORRECT: "Use Amazon Kinesis Data Streams for real-time events with a partition key for each device. Use Amazon Kinesis Data Firehose to save data to Amazon S3" is the correct answer.
INCORRECT: "Use Amazon Kinesis Data Streams for real-time events with a shard for each device. Use Amazon Kinesis Data Firehose to save data to Amazon EBS" is incorrect as you cannot save data to EBS from Kinesis.
INCORRECT: "Use an Amazon SQS FIFO queue for real-time events with one queue for each device. Trigger an AWS Lambda function for the SQS queue to save data to Amazon EFS" is incorrect as SQS is not the most efficient service for streaming, real time data.
INCORRECT: "Use an Amazon SQS standard queue for real-time events with one queue for each device. Trigger an AWS Lambda function from the SQS queue to save data to Amazon S3" is incorrect as SQS is not the most efficient service for streaming, real time data.
References: Amazon Kinesis Data Streams > Developer Guide > Amazon Kinesis Data Streams Terminology and Concepts

All Question 398/790


A company has no existing file share services. A new project requires access to file storage that is mountable as a drive for on–premises desktops. The file server must authenticate users to an Active Directory domain before they are able to access the storage.

Which service will allow Active Directory users to mount storage as a drive on their desktops?

D. AWS Storage Gateway

All Question 399/790


A solutions architect is using an AWS CloudFormation template to deploy a three–tier web application. The web application consists of a web tier and an application tier that stores and retrieves user data in Amazon DynamoDB tables. The web and application tiers are hosted on Amazon EC2 instances, and the database tier is not publicly accessible. The application EC2 instances need to access the DynamoDB tables without exposing API credentials in the template.

What should the solutions architect do to meet these requirements?

B. Create an IAM role that has the required permissions to read and write from the DynamoDB tables. Add the role to the EC2 instance profile and associate the instance profile with the application instances.

All Question 400/790


A company is creating a three–tier web application consisting of a web server, an application server, and a database server. The application will track GPS coordinates of packages as they are being delivered. The application will update the database every 0–5 seconds.

The tracking will need to read as fast as possible for users to check the status of their packages. Only a few packages might be tracked on some days, whereas millions of packages might be tracked on other days.

What should a solutions architect recommend to accomplish this with minimal cost of ownership?

B. Use Amazon DynamoDB with global secondary indexes. Enable Auto Scaling on the DynamoDB table and the global secondary indexes. Enable TTL on the DynamoDB table.

All Question 401/790


A solutions architect has configured the following IAM policy.

Which action will be allowed by the policy?

C. An AWS Lambda function can be deleted from the 100.220.0.0/20 network.

All Question 402/790


A company must migrate 20 TB of data from a data center to the AWS Cloud within 30 days. The company's network bandwidth is limited to 15 Mbps and cannot exceed 70% utilization. What should a solutions architect do to meet these requirements?

A. Use AWS Snowball.

All Question 403/790


A company needs to connect several VPCs in the us–east Region that span hundreds of AWS accounts.

The company's networking team has its own AWS account to manage the cloud network.

What is the MOST operationally efficient solution to connect the VPCs?

C. Create an AWS Transit Gateway in the networking team's AWS account. Configure static routes from each VPC.

All Question 404/790


A media company has an application that tracks user clicks on its websites and performs analytics to provide near–real–time recommendations. The application has a fleet of Amazon EC2 instances that receive data from the websites and send the data to an Amazon RDS DB instance. Another fleet of EC2 instances hosts the portion of the application that is continuously checking changes in the database and executing SQL queries to provide recommendations. Management has requested a redesign to decouple the infrastructure. The solution must ensure that data analysts are writing SQL to analyze the data only. No data can be lost during the deployment.

What should a solutions architect recommend?

B. Use Amazon Kinesis Data Streams to capture the data from the websites, Kinesis Data Analytics to query the data, and Kinesis Data Firehose to persist the data on Amazon S3.

All Question 405/790


A Solutions Architect is designing the architecture for a web application that will be hosted on AWS. Internet users will access the application using HTTP and HTTPS.

How should the Architect design the traffic control requirements?

C. Allow inbound ports for HTTP and HTTPS in the security group used by the web servers.

All Question 406/790


A company that recently started using AWS establishes a Site–to–Site VPN between its on–premises datacenter and AWS. The company's security mandate states that traffic originating from on–premises should stay within the company's private IP space when communicating with an Amazon Elastic Container Service (Amazon ECS) cluster that is hosting a sample web application.

Which solution meets this requirement?

C. Create a Network Load Balancer in one VPC and an AWS PrivateLink endpoint for Amazon ECS in another VPC. Connect the two VPCs by using VPC peering.

All Question 407/790


Your EBS volumes do not seem to be performing as expected and your team leader has requested you look into improving their performance. Which of the following is not a true statement relating to the performance of your EBS volumes?

A. Frequent snapshots provide a higher level of data durability and they will not degrade the performance of your application while the snapshot is in progress.
Several factors can affect the performance of Amazon EBS volumes, such as instance configuration, I/O characteristics, workload demand, and storage configuration. Frequent snapshots provide a higher level of data durability, but they may slightly degrade the performance of your application while the snapshot is in progress. This trade off becomes critical when you have data that changes rapidly. Whenever possible, plan for snapshots to occur during off-peak times in order to minimize workload impact. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Amazon EBS volume performance on Linux instances

All Question 408/790


A solutions architect must analyze and update a company's existing IAM policies prior to deploying a new workload.
The solutions architect created the following policy:
What is the net effect of this policy?

C. Users will be denied all actions except s3:PutObject if multi-factor authentication (MFA) is enabled.

All Question 409/790


A company has created a VPC with multiple private subnets in multiple Availability Zones (AZs) and one public subnet in one of the AZs. The public subnet is used to launch a NAT gateway. There are instances in the private subnets that use a NAT gateway to connect to the internet. In case of an AZ failure, the company wants to ensure that the instances are not all experiencing internet connectivity issues and that there is a backup plan ready.

Which solution should a solutions architect recommend that is MOST highly available?

C. Create public subnets in each AZ and launch a NAT gateway in each subnet. Configure the traffic from the private subnets in each AZ to the respective NAT gateway.

All Question 410/790


A company is using various types of Amazon EC2 On–Demand Instances.

The company suspects that these instances have greater CPU and memory capacity than its workloads require.

Which actions should the company take to obtain recommendations to optimize cost? (Select TWO.)

A. Use AWS Trusted Advisor for instance type recommendations
D. Use Cost Explorer right sizing recommendations

All Question 411/790


A development team stores its Amazon RDS MySQL DB instance user name and password credentials in a configuration file. The configuration file is stored as plaintext on the root device volume of the team's Amazon EC2 instance. When the team's application needs to reach the database, it reads the file and loads the credentials into the code. The team has modified the permissions of the configuration file so that only the application can read its content. A solution architect must design a more secure solution.

What should the solutions architect do to meet this requirement?

D. Move the configuration file to an EC2 instance store, and create an Amazon Machine Image (AMI) of the instance. Launch new instances from this AMI.

All Question 412/790


A company has developed a database in Amazon RDS for MySQL.

Due to increased support team is reporting slow reads against the DB instance and recommends adding a read replica.

Which combination of actions should a solutions architect take before implementing this change? (Select TWO.)

C. Allow long-running transactions to complete on the source DB instance.
E. Enable automatic backups on the source instance by setting the backup retention period to a value other than 0.

All Question 413/790


A company has on–premises servers running a relational database. The current database serves high read traffic for users in different locations. The company wants to migrate to AWS with the least amount of effort.
The database solution should support disaster recovery and not affect the company's current traffic flow.

Which solution meets these requirements?

A. Use a database in Amazon RDS with Multi-AZ and at least one read replica. References: Enabling data classification for Amazon RDS database with Macie

All Question 414/790


A company's application is running on Amazon EC2 instances within an Auto Scaling group behind an Elastic Load Balancer. Based on the application's history the company anticipates a spike in traffic during a holiday each year. A solutions architect must design a strategy to ensure that the Auto Scaling group proactively increases capacity to minimize any performance impact on application users.

Which solution will meet these requirements?

B. Create a recurring scheduled action to scale up the Auto Scaling group before the expected period of peak demand.
AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. AWS Auto Scaling refers to a collection of Auto Scaling capabilities across several AWS services. The services within the AWS Auto Scaling family include: Amazon EC2 (known as Amazon EC2 Auto Scaling). Amazon ECS. Amazon DynamoDB. Amazon Aurora. The scaling options define the triggers and when instances should be provisioned/de-provisioned. There are four scaling options: Maintain – keep a specific or minimum number of instances running. Manual – use maximum, minimum, or a specific number of instances. Scheduled – increase or decrease the number of instances based on a schedule. Dynamic – scale based on real-time system metrics (e.g. CloudWatch metrics). The following table describes the scaling options available and when to use them: The scaling options are configured through Scaling Policies which determine when, if, and how the ASG scales and shrinks. The following table describes the scaling policy types available for dynamic scaling policies and when to use them (more detail further down the page): The diagram below depicts an Auto Scaling group with a Scaling policy set to a minimum size of 1 instance, a desired capacity of 2 instances, and a maximum size of 4 instances: Amazon EC2 Auto Scaling supports sending Amazon SNS notifications when the following events occur.

All Question 415/790


Application developers have noticed that a production application is very slow when business reporting users run large production reports against the Amazon RDS instance backing the application. The CPU and memory utilization metrics for the RDS instance do not exceed 60% while the reporting queries are running.

The business reporting users must be able to generate reports without affecting the application's performance.

Which action will accomplish this?

D. Create a read replica and connect the business reports to it.

All Question 416/790


A recent analysis of a company's IT expenses highlights the need to reduce backup costs. The company's chief information officer wants to simplify the on–premises backup infrastructure and reduce costs by eliminating the use of physical backup tapes. The company must preserve the existing investment in the on–premises backup applications and workflows.

What should a solutions architect recommend?

D. Set up AWS Storage Gateway to connect with the backup applications using the iSCSI-virtual tape library (VTL) interface.

All Question 417/790


A company has a web application hosted over 10 Amazon EC2 instances with traffic directed by Amazon Route 53.

The company occasionally experiences a timeout error when attempting to browse the application.

The networking team finds that some DNS queries return IP addresses of unhealthy instances, resulting in the timeout error.

What should a solutions architect implement to overcome these timeout errors?

A. Create a Route 53 simple routing policy record for each EC2 instance. Associate a health check with each record.

All Question 418/790


You have been asked to build a database warehouse using Amazon Redshift. You know a little about it, including that it is a SQL data warehouse solution, and uses industry standard ODBC and JDBC connections and PostgreSQL drivers. However you are not sure about what sort of storage it uses for database tables. What sort of storage does Amazon Redshift use for database tables?

C. Columnar data storage
Amazon Redshift achieves efficient storage and optimum query performance through a combination of massively parallel processing, columnar data storage, and very efficient, targeted data compression encoding schemes. Columnar storage for database tables is an important factor in optimizing analytic query performance because it drastically reduces the overall disk I/O requirements and reduces the amount of data you need to load from disk. References: Amazon Redshift > Database Developer Guide > Columnar storage

All Question 419/790


A solutions architect needs to host a high performance computing (HPC) workload in the AWS Cloud.

The workload will run on hundreds of Amazon EC2 instances and will require parallel access to a shared file system to enable distributed processing of large datasets. Datasets will be accessed across multiple instances simultaneously.

The workload requires access latency within 1 ms.

After processing has completed, engineers will need access to the dataset for manual postprocessing.

Which solution will meet these requirements?

A. Use Amazon Elastic File System (Amazon EFS) as a shared file system. Access the dataset from Amazon EFS.

All Question 420/790


A company relies on an application that needs at least 4 Amazon EC2 instances during regular traffic and must scale up to 12 EC2 instances during peak loads.

The application is critical to the business and must be highly available.

Which solution will meet these requirements?

C. Deploy the EC2 instances in an Auto Scaling group. Set the minimum to 8 and the maximum to 12, with 4 in Availability Zone A and 4 in Availability Zone B
It requires HA and if one AZ is down then at least 4 instances will be active in another AZ which is key for this question.

All Question 421/790


A web application is deployed in the AWS Cloud. It consists of a two–tier architecture that includes a web layer and a database layer. The web server is vulnerable to cross–site scripting (XSS) attacks.

What should a solutions architect do to remediate the vulnerability?

C. Create an Application Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.
Working with cross-site scripting match conditions: Attackers sometimes insert scripts into web requests in an effort to exploit vulnerabilities in web applications. You can create one or more cross-site scripting match conditions to identify the parts of web requests, such as the URI or the query string, that you want AWS WAF Classic to inspect for possible malicious scripts. Later in the process, when you create a web ACL, you specify whether to allow or block requests that appear to contain malicious scripts. Web Application Firewall: You can now use AWS WAF to protect your web applications on your Application Load Balancers. AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. The AWS Web Application Firewall (WAF) is available on the Application Load Balancer (ALB). You can use AWS WAF directly on Application Load Balancers (both internal and external) in a VPC, to protect your websites and web services. Attackers sometimes insert scripts into web requests in an effort to exploit vulnerabilities in web applications. You can create one or more cross-site scripting match conditions to identify the parts of web requests, such as the URI or the query string, that you want AWS WAF to inspect for possible malicious scripts. CORRECT: "Create an Application Load Balancer. Put the web layer behind the load balancer and enable AWS WAF" is the correct answer. INCORRECT: "Create a Classic Load Balancer. Put the web layer behind the load balancer and enable AWS WAF" is incorrect as you cannot use AWS WAF with a classic load balancer. INCORRECT: "Create a Network Load Balancer. Put the web layer behind the load balancer and enable AWS WAF" is incorrect as you cannot use AWS WAF with a network load balancer. INCORRECT: "Create an Application Load Balancer. Put the web layer behind the load balancer and use AWS Shield Standard" is incorrect as you cannot use AWS Shield to protect against XSS attacks. Shield is used to protect against DDoS attacks. References: AWS WAF, AWS Firewall Manager, and AWS Shield Advanced > Developer Guide > Working with cross-site scripting match conditions

All Question 422/790


A solutions architect must create a highly available bastion host architecture. The solution needs to be resilient within a single AWS Region and should require only minimal effort to maintain.

What should the solutions architect do to meet these requirements?

D. Create a Network Load Balancer backed by an Auto Scaling group with instances in multiple Availability Zones as the target.

All Question 423/790


A company's production application runs online transaction processing (OLTP) transactions on an Amazon RDS MySQL DB instance. The company is launching a new reporting tool that will access the same data.

The reporting tool must be highly available and not impact the performance of the production application.

How can this be achieved?

B. Create a Multi-AZ RDS Read Replica of the production RDS DB instance.
Amazon RDS Read Replicas Now Support Multi-AZ Deployments: Amazon RDS Read Replicas enable you to create one or more read-only copies of your database instance within the same AWS Region or in a different AWS Region. Updates made to the source database are then asynchronously copied to your Read Replicas. In addition to providing scalability for read-heavy workloads, Read Replicas can be promoted to become a standalone database instance when needed. Amazon RDS Multi-AZ deployments provide enhanced availability for database instances within a single AWS Region. With Multi-AZ, your data is synchronously replicated to a standby in a different Availability Zone (AZ). In the event of an infrastructure failure, Amazon RDS performs an automatic failover to the standby, minimizing disruption to your applications. You can now use Read Replicas with Multi-AZ as part of a disaster recovery (DR) strategy for your production databases. A well-designed and tested DR plan is critical for maintaining business continuity after a disaster. A Read Replica in a different region than the source database can be used as a standby database and promoted to become the new production database in case of a regional disruption. You can create a read replica as a Multi-AZ DB instance. Amazon RDS creates a standby of your replica in another Availability Zone for failover support for the replica. Creating your read replica as a Multi-AZ DB instance is independent of whether the source database is a Multi-AZ DB instance. CORRECT: "Create a Multi-AZ RDS Read Replica of the production RDS DB instance" is the correct answer. INCORRECT: "Create a Single-AZ RDS Read Replica of the production RDS DB instance. Create a second Single-AZ RDS Read Replica from the replica" is incorrect. Read replicas are primarily used for horizontal scaling. The best solution for high availability is to use a Multi-AZ read replica.
INCORRECT: "Create a cross-region Multi-AZ deployment and create a read replica in the second region" is incorrect as you cannot create a cross-region Multi-AZ deployment with RDS. INCORRECT: "Use Amazon Data Lifecycle Manager to automatically create and manage snapshots" is incorrect as using snapshots is not the best solution for high availability. References: Amazon Relational Database Service > User Guide > What is Amazon Relational Database Service (Amazon RDS)?

All Question 424/790


A solutions architect is helping a developer design a new eCommerce shopping cart application using AWS services. The developer is unsure of the current database schema and expects to make changes as the eCommerce site grows. The solution needs to be highly resilient and capable of automatically scaling read and write capacity.

Which database solution meets these requirements?

B. Amazon DynamoDB with on-demand enabled. References: Announcing Amazon DynamoDB on-demand

All Question 425/790


A company is running a highly sensitive application on Amazon EC2 backed by an Amazon RDS database.

Compliance regulations mandate that all personally identifiable information (PII) be encrypted at rest.

Which solution should a solutions architect recommend to meet this requirement with the LEAST amount of changes to the infrastructure?

D. Configure Amazon Elastic Block Store (Amazon EBS) encryption and Amazon RDS encryption with AWS Key Management Service (AWS KMS) keys to encrypt instance and database volumes.

All Question 426/790


A development team is deploying a new product on AWS and is using AWS Lambda as part of the deployment. The team allocates 512 MB of memory for one of the Lambda functions. With this memory allocation, the function is completed in 2 minutes. The function runs millions of times monthly, and the development team is concerned about cost. The team conducts tests to see how different Lambda memory allocations affect the cost of the function.

Which steps will reduce the Lambda costs for the product? (Choose two.)

A. Increase the memory allocation for this Lambda function to 1,024 MB if this change causes the execution time of each function to be less than 1 minute.
E. Reduce the memory allocation for this Lambda function to 256 MB if this change causes the execution time of each function to be less than 5 minutes.

All Question 427/790


A company is creating an architecture for a mobile app that requires minimal latency for its users. The company's architecture consists of Amazon EC2 instances behind an Application Load Balancer running in an Auto Scaling group. The EC2 instances connect to Amazon RDS. Application beta testing showed there was a slowdown when reading the data. However the metrics indicate that the EC2 instances do not cross any CPU utilization thresholds.

How can this issue be addressed?

C. Add read replicas for the RDS instances and direct read traffic to the replica.

All Question 428/790


An application running on an Amazon EC2 instance needs to access an Amazon DynamoDB table. Both the EC2 instance and the DynamoDB table are in the same AWS account. A solutions architect must configure the necessary permissions.

Which solution will allow least privilege access to the DynamoDB table from the EC2 instance?

A. Create an IAM role with the appropriate policy to allow access to the DynamoDB table. Create an instance profile to assign this IAM role to the EC2 instance.

All Question 429/790


A web application runs on Amazon EC2 instances behind an Application Load Balancer. The application allows users to create custom reports of historical weather data. Generating a report can take up to 5 minutes. These long–running requests use many of the available incoming connections, making the system unresponsive to other users.

How can a solutions architect make the system more responsive?

A. Use Amazon SQS with AWS Lambda to generate reports.

All Question 430/790


You are migrating an internal server on your DC to an EC2 instance with EBS volume. Your server disk usage is around 500GB so you just copied all your data to a 2TB disk to be used with AWS Import/Export.

Where will the data be imported once it arrives at Amazon?

B. to an S3 bucket with 2 objects of 1TB
An import to Amazon EBS will have different results depending on whether the capacity of your storage device is less than or equal to 1 TB or greater than 1 TB. The maximum size of an Amazon EBS snapshot is 1 TB, so if the device image is larger than 1 TB, the image is chunked and stored on Amazon S3. The target location is determined based on the total capacity of the device, not the amount of data on the device. References: AWS Snowball

All Question 431/790


A company's operations team has an existing Amazon S3 bucket configured to notify an Amazon SQS queue when new objects are created within the bucket. The development team also wants to receive events when new objects are created. The existing operations team workflow must remain intact.

Which solution would satisfy these requirements?

D. Create an Amazon SNS topic and SQS queue for the bucket updates. Update the bucket to send events to the new topic. Add subscriptions for both queues in the topic.

All Question 432/790


A company observes an increase in Amazon EC2 costs in its most recent bill.

The billing team notices unwanted vertical scaling of instance types for a couple of EC2 instances.

A solutions architect needs to create a graph comparing the last 2 months of EC2 costs and perform an in–depth analysis to identify the root cause of the vertical scaling.

How should the solutions architect generate the information with the LEAST operational overhead?

C. Use graphs from the AWS Billing and Cost Management dashboard to compare EC2 costs based on instance types for the last 2 months.

All Question 433/790


A company hosts a popular web application. The web application connects to a database running in a private VPC subnet.

The web servers must be accessible only to customers on an SSL connection.

The Amazon RDS for MySQL database services must be accessible only from the web servers.

How should a solution architect design a solution to meet the requirements without impacting applications?

B. Open an HTTPS port on the security group for web server and set the source to 0.0.0.0/0. Open the MySQL port on the database security group and attach it to the MySQL instance. Set the source to web server security group.

All Question 434/790


One of the criteria for a new deployment is that the customer wants to use AWS Storage Gateway. However you are not sure whether you should use gateway–cached volumes or gateway–stored volumes or even what the differences are.

Which statement below best describes those differences?

A. Gateway-cached lets you store your data in Amazon Simple Storage Service (Amazon S3) and retain a copy of frequently accessed data subsets locally. Gateway-stored enables you to configure your on-premises gateway to store all your data locally and then asynchronously back up point-in-time snapshots of this data to Amazon S3.
Volume gateways provide cloud-backed storage volumes that you can mount as Internet Small Computer System Interface (iSCSI) devices from your on-premises application servers. The gateway supports the following volume configurations: Gateway-cached volumes: You store your data in Amazon Simple Storage Service (Amazon S3) and retain a copy of frequently accessed data subsets locally. Gateway-cached volumes offer a substantial cost savings on primary storage and minimize the need to scale your storage on-premises. You also retain low-latency access to your frequently accessed data. Gateway-stored volumes: If you need low-latency access to your entire data set, you can configure your on-premises gateway to store all your data locally and then asynchronously back up point-in-time snapshots of this data to Amazon S3. This configuration provides durable and inexpensive off-site backups that you can recover to your local data center or Amazon EC2. For example, if you need replacement capacity for disaster recovery, you can recover the backups to Amazon EC2. References: AWS Storage Gateway > User Guide > What is AWS Storage Gateway?

All Question 435/790


A company has enabled AWS CloudTrail logs to deliver log files to an Amazon S3 bucket for each of its developer accounts. The company has created a central AWS account for streamlining management and audit reviews. An internal auditor needs to access the CloudTrail logs, yet access needs to be restricted for all developer account users. The solution must be secure and optimized.

How should a solutions architect meet these requirements?

C. Configure CloudTrail from each developer account to deliver the log files to an S3 bucket in the central account. Create an IAM role in the central account for the auditor. Attach an IAM policy providing read only permissions to the bucket.

All Question 436/790


Your manager has just given you access to multiple VPN connections that someone else has recently set up between all your company's offices. She needs you to make sure that the communication between the VPNs is secure.

Which of the following services would be best for providing a low–cost hub–and–spoke model for primary or backup connectivity between these remote offices?

D. AWS VPN CloudHub
If you have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CloudHub. The VPN CloudHub operates on a simple hub-and-spoke model that you can use with or without a VPC. This design is suitable for customers with multiple branch offices and existing Internet connections who would like to implement a convenient, potentially low-cost hub-and-spoke model for primary or backup connectivity between these remote offices. References: AWS Site-to-Site VPN > User Guide > Providing secure communication between sites using VPN CloudHub

All Question 437/790


A company stops a cluster of Amazon EC2 instances over a weekend. The costs decrease, but they do not drop to zero.

Which resources could still be generating costs? (Select TWO.)

A. Elastic IP addresses
D. Amazon Elastic Block Store (Amazon EBS) volumes

All Question 438/790


You need to import several hundred megabytes of data from a local Oracle database to an Amazon RDS DB instance. What does AWS recommend you use to accomplish this?

C. Oracle Data Pump
How you import data into an Amazon RDS DB instance depends on the amount of data you have and the number and variety of database objects in your database. For example, you can use Oracle SQL Developer to import a simple, 20 MB database; you want to use Oracle Data Pump to import complex databases or databases that are several hundred megabytes or several terabytes in size. References: Amazon Relational Database Service > User Guide > Importing data into Oracle on Amazon RDS

All Question 439/790


A company is developing a new machine learning model solution in AWS. The models are developed as independent microservices that fetch about 1 GB of model data from Amazon S3 at startup and load the data into memory. Users access the models through an asynchronous API. Users can send a request or a batch of requests and specify where the result should be sent.

The company provides models to hundreds of users. The usage patterns for the models are irregular. Some models could be unused for days or weeks. Other models could receive batches of thousands of requests at a time.

Which solution meets these requirements?

D. The requests from the API are sent to the model's Amazon Simple Queue Service (Amazon SQS) queue. Models are deployed as Amazon Elastic Container Service (Amazon ECS) services reading from the queue. AWS Auto Scaling is enabled on ECS for both the cluster and copies of the service based on the queue size.

All Question 440/790


A company is designing a new web service that will run on Amazon EC2 instances behind an Elastic Load Balancer. However, many of the web service clients can only reach IP addresses whitelisted on their firewalls.

What should a solutions architect recommend to meet the clients' needs?

C. An A record in an Amazon Route 53 hosted zone pointing to an Elastic IP address
Route 53 routes end users to Internet applications so the correct answer is C. Map one of the whitelisted IP addresses using an A record to the Elastic IP address.

All Question 441/790


A company uses a legacy on–premises analytics application that operates on gigabytes of .csv files and represents months of data. The legacy application cannot handle the growing size of .csv files. New .csv files are added daily from various data sources to a central on–premises storage location. The company wants to continue to support the legacy application while users learn AWS analytics services. To achieve this, a solutions architect wants to maintain two synchronized copies of all the .csv files on–premises and in Amazon S3.

Which solution should the solutions architect recommend?

B. Deploy an on-premises file gateway. Configure data sources to write the .csv files to the file gateway. Point the legacy analytics application to the file gateway. The file gateway should replicate the .csv files to Amazon S3.

All Question 442/790


What is a placement group in Amazon EC2?


A. It is a group of EC2 instances within a single Availability Zone.
A placement group is a logical grouping of instances within a single Availability Zone. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Placement groups

All Question 443/790


A new employee has joined a company as a deployment engineer. The deployment engineer will be using AWS CloudFormation templates to create multiple AWS resources. A solutions architect wants the deployment engineer to perform job activities while following the principle of least privilege.

Which combination of actions should the solutions architect take to accomplish this goal? (Choose two.)

A. Have the deployment engineer use AWS account root user credentials for performing AWS CloudFormation stack operations.
E. Create an IAM role for the deployment engineer to explicitly define the permissions specific to the AWS CloudFormation stack and launch stacks using that IAM role.

All Question 444/790


An online retailer has a series of flash sales occurring every Friday.

Sales traffic will increase during the sales only and the platform will handle the increased load. The platform is a three–tier application. The web tier runs on Amazon EC2 instances behind an Application Load Balancer.

Amazon CloudFront is used to reduce web server load, but many requests for dynamic content must go to the web servers.

What should be done to the web tier to reduce costs without impacting performance or reliability?


A. Use T-series instances

All Question 445/790


A company maintains about 300 TB in Amazon S3 Standard storage month after month. The S3 objects are each typically around 50 GB in size and are frequently replaced with multipart uploads by their global application. The number and size of S3 objects remain constant but the company's S3 storage costs are increasing each month.

How should a solutions architect reduce costs in this situation?


B. Enable an S3 Lifecycle policy that deletes incomplete multipart uploads

All Question 446/790


A company currently operates a web application backed by an Amazon RDS MySQL database. It has automated backups that are run daily and are not encrypted. A security audit requires future backups to be encrypted and the unencrypted backups to be destroyed. The company will make at least one encrypted backup before destroying the old backups.

What should be done to enable encryption for future backups?


C. Create a snapshot of the database. Copy it to an encrypted snapshot. Restore the database from the encrypted snapshot.
Because you can encrypt a copy of an unencrypted DB snapshot, you can effectively add encryption to an unencrypted DB instance. That is, you can create a snapshot of your DB instance, and then create an encrypted copy of that snapshot. You can then restore a DB instance from the encrypted snapshot, and thus you have an encrypted copy of your original DB instance.
DB instances that are encrypted can't be modified to disable encryption. You can't have an encrypted read replica of an unencrypted DB instance or an unencrypted read replica of an encrypted DB instance. Encrypted read replicas must be encrypted with the same key as the source DB instance when both are in the same AWS Region. You can't restore an unencrypted backup or snapshot to an encrypted DB instance. To copy an encrypted snapshot from one AWS Region to another, you must specify the KMS key identifier of the destination AWS Region. This is because KMS encryption keys are specific to the AWS Region that they are created in.
Amazon RDS uses snapshots for backup. Snapshots are encrypted when created only if the database is encrypted and you can only select encryption for the database when you first create it. In this case the database, and hence the snapshots, are unencrypted. However, you can create an encrypted copy of a snapshot. You can restore using that snapshot which creates a new DB instance that has encryption enabled. From that point on encryption will be enabled for all snapshots.
CORRECT: "Create a snapshot of the database. Copy it to an encrypted snapshot. Restore the database from the encrypted snapshot" is the correct answer.
INCORRECT: "Enable an encrypted read replica on RDS for MySQL. Promote the encrypted read replica to primary. Remove the original database instance" is incorrect as you cannot create an encrypted read replica from an unencrypted master.
INCORRECT: "Modify the backup section of the database configuration to toggle the Enable encryption check box" is incorrect as you cannot add encryption for an existing database.
INCORRECT: "Enable default encryption for the Amazon S3 bucket where backups are stored" is incorrect because you do not have access to the S3 bucket in which snapshots are stored.
References: Amazon Relational Database Service > User Guide > Encrypting Amazon RDS resources

All Question 447/790


An engineering team is developing and deploying AWS Lambda functions. The team needs to create roles and manage policies in AWS IAM to configure the permissions of the Lambda functions.

How should the permissions for the team be configured so they also adhere to the concept of least privilege?


A. Create an IAM role with a managed policy attached. Allow the engineering team and the Lambda functions to assume this role.

All Question 448/790


A company has an on–premises data center that is running out of storage capacity. The company wants to migrate its storage infrastructure to AWS while minimizing bandwidth costs. The solution must allow for immediate retrieval of data at no additional cost.

How can these requirements be met?


C. Deploy AWS Storage Gateway using stored volumes to store data locally. Use Storage Gateway to asynchronously back up point-in-time snapshots of the data to Amazon S3.
Volume Gateway provides an iSCSI target, which enables you to create block storage volumes and mount them as iSCSI devices from your on-premises or EC2 application servers. The Volume Gateway runs in either a cached or stored mode: In the cached mode, your primary data is written to S3, while retaining your frequently accessed data locally in a cache for low-latency access. In the stored mode, your primary data is stored locally and your entire dataset is available for low-latency access while asynchronously backed up to AWS.

All Question 449/790


A company has a website deployed on AWS. The database backend is hosted on Amazon RDS for MySQL with a primary instance and five read replicas to support scaling needs. The read replicas should lag no more than 1 second behind the primary instance to support the user experience.

As traffic on the website continues to increase, the replicas are falling further behind during periods of peak load, resulting in complaints from users when searches yield inconsistent results. A solutions architect needs to reduce the replication lag as much as possible, with minimal changes to the application code or operational requirements.

Which solution meets these requirements?


B. Deploy an Amazon ElastiCache for Redis cluster in front of the database. Modify the website to check the cache before querying the database read endpoints.

All Question 450/790


An entertainment company is using Amazon DynamoDB to store media metadata. The application is read intensive and experiencing delays.

The company does not have staff to handle additional operational overhead and needs to improve the performance efficiency of DynamoDB without reconfiguring the application.

What should a solutions architect recommend to meet this requirement?

B. Use Amazon DynamoDB Accelerator (DAX)

All Question 451/790


A company hosts a training site on a fleet of Amazon EC2 instances.

The company anticipates that its new course, which consists of dozens of training videos on the site, will be extremely popular when it is released in 1 week.

What should a solutions architect do to minimize the anticipated server load?

C. Store the videos in an Amazon S3 bucket. Create an Amazon CloudFront distribution with an origin access identity (OAI) of that S3 bucket. Restrict Amazon S3 access to the OAI.

All Question 452/790


A company recently implemented hybrid cloud connectivity using AWS Direct Connect and is migrating data to Amazon S3. The company is looking for a fully managed solution that will automate and accelerate the replication of data between the on–premises storage systems and AWS storage services.

Which solution should a solutions architect recommend to keep the data private?


A. Deploy an AWS DataSync agent for the on-premises environment. Configure a sync job to replicate the data and connect it with an AWS service endpoint.
You can use AWS DataSync with your Direct Connect link to access public service endpoints or private VPC endpoints. When using VPC endpoints, data transferred between the DataSync agent and AWS services does not traverse the public internet or need public IP addresses, increasing the security of data as it is copied over the network.

All Question 453/790


An application running on AWS Lambda requires an API key to access a third–party service. The key must be stored securely with audited access to the Lambda function only.

What is the MOST secure way to store the key?

B. As a secure string in AWS Systems Manager Parameter Store.

All Question 454/790


A company is using Amazon Route 53 latency–based routing to route requests to its UDP–based application for users around the world. The application is hosted on redundant servers in the company's on–premises data centers in the United States, Asia, and Europe. The company's compliance requirements state that the application must be hosted on–premises. The company wants to improve the performance and availability of the application.

What should a solutions architect do to meet these requirements?


C. Configure three Network Load Balancers (NLBs) in the three AWS Regions to address the on-premises endpoints. In Route 53, create a latency-based record that points to the three NLBs, and use it as an origin for an Amazon CloudFront distribution. Provide access to the application by using a CNAME that points to the CloudFront DNS.

All Question 455/790


A company has a Microsoft .NET application that runs on an on–premises Windows Server. The application stores data by using an Oracle Database Standard Edition server.

The company is planning a migration to AWS and wants to minimize development changes while moving the application.

The AWS application environment should be highly available.

Which combination of actions should the company take to meet these requirements? (Select TWO)

A. Refactor the application as serverless with AWS Lambda functions running .NET Core
E. Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Oracle on Amazon RDS in a Multi-AZ deployment

All Question 456/790


A security team wants to limit access to specific services or actions in all of the team's AWS accounts. All accounts belong to a large organization in AWS Organizations. The solution must be scalable and there must be a single point where permissions can be maintained.

What should a solutions architect do to accomplish this?


D. Create a service control policy in the root organizational unit to deny access to the services or actions.
Service Control Policy concepts: SCPs offer central access controls for all IAM entities in your accounts. You can use them to enforce the permissions you want everyone in your business to follow. Using SCPs, you can give your developers more freedom to manage their own permissions because you know they can only operate within the boundaries you define.
You create and apply SCPs through AWS Organizations. When you create an organization, AWS Organizations automatically creates a root, which forms the parent container for all the accounts in your organization. Inside the root, you can group accounts in your organization into organizational units (OUs) to simplify management of these accounts. You can create multiple OUs within a single organization, and you can create OUs within other OUs to form a hierarchical structure. You can attach SCPs to the organization root, OUs, and individual accounts. SCPs attached to the root and OUs apply to all OUs and accounts inside of them.
SCPs use the AWS Identity and Access Management (IAM) policy language; however, they do not grant permissions. SCPs enable you to set permission guardrails by defining the maximum available permissions for IAM entities in an account. If an SCP denies an action for an account, none of the entities in the account can take that action, even if their IAM permissions allow them to do so. The guardrails set in SCPs apply to all IAM entities in the account, which include all users, roles, and the account root user.
Service control policies (SCPs) offer central control over the maximum available permissions for all accounts in your organization, allowing you to ensure your accounts stay within your organization's access control guidelines. SCPs alone are not sufficient for allowing access in the accounts in your organization. Attaching an SCP to an AWS Organizations entity (root, OU, or account) defines a guardrail for what actions the principals can perform. You still need to attach identity-based or resource-based policies to principals or resources in your organization's accounts to actually grant permissions to them.
CORRECT: "Create a service control policy in the root organizational unit to deny access to the services or actions" is the correct answer.
INCORRECT: "Create an ACL to provide access to the services or actions" is incorrect as access control lists are not used for permissions associated with IAM. Permissions policies are used with IAM.
INCORRECT: "Create a security group to allow accounts and attach it to user groups" is incorrect as security groups are instance level firewalls. They do not limit service actions.
INCORRECT: "Create cross-account roles in each account to deny access to the services or actions" is incorrect as this is a complex solution and does not provide centralized control.
References: AWS Organizations > User Guide > Service control policies (SCPs)

All Question 457/790


A solutions architect is designing the architecture of a new application being deployed to the AWS Cloud.

The application will run on Amazon EC2 On–Demand Instances and will automatically scale across multiple Availability Zones. The EC2 instances will scale up and down frequently throughout the day. An Application Load Balancer (ALB) will handle the load distribution. The architecture needs to support distributed session data management. The company is willing to make changes to code if needed.

What should the solutions architect do to ensure that the architecture supports distributed session data management?


A. Use Amazon ElastiCache to manage and store session data.

All Question 458/790


A development team needs to host a website that will be accessed by other teams. The website contents consist of HTML, CSS, client–side JavaScript, and images.

Which method is the MOST cost–effective for hosting the website?


B. Create an Amazon S3 bucket and host the website there.

All Question 459/790


A company has multiple applications that use Amazon RDS for MySQL as its database. The company recently discovered that a new custom reporting application has increased the number of queries on the database. This is slowing down performance.

How should a solutions architect resolve this issue with the LEAST amount of application changes?


D. Use caching on Amazon RDS to improve the overall performance.

All Question 460/790


A company that develops web applications has launched hundreds of Application Load Balancers (ALBs) in multiple Regions. The company wants to create an allow list for the IPs of all the load balancers on its firewall device. A solutions architect is looking for a one–time, highly available solution to address this request, which will also help reduce the number of IPs that need to be allowed by the firewall.

What should the solutions architect recommend to meet these requirements?


C. Launch AWS Global Accelerator and create endpoints for all the Regions. Register all the ALBs in different Regions to the corresponding endpoints.

All Question 461/790


A gaming company has multiple Amazon EC2 instances in a single Availability Zone for its multiplayer game that communicates with users on Layer 4. The chief technology officer (CTO) wants to make the architecture highly available and cost–effective.
What should a solutions architect do to meet these requirements? (Choose two.)


C. Configure a Network Load Balancer in front of the EC2 instances.
E. Configure an Auto Scaling group to add or remove instances in multiple Availability Zones automatically.
Network Load Balancer overview: A Network Load Balancer functions at the fourth layer of the Open Systems Interconnection (OSI) model. It can handle millions of requests per second. After the load balancer receives a connection request, it selects a target from the target group for the default rule. It attempts to open a TCP connection to the selected target on the port specified in the listener configuration.
When you enable an Availability Zone for the load balancer, Elastic Load Balancing creates a load balancer node in the Availability Zone. By default, each load balancer node distributes traffic across the registered targets in its Availability Zone only. If you enable cross-zone load balancing, each load balancer node distributes traffic across the registered targets in all enabled Availability Zones. For more information, see Availability Zones.
If you enable multiple Availability Zones for your load balancer and ensure that each target group has at least one target in each enabled Availability Zone, this increases the fault tolerance of your applications. For example, if one or more target groups does not have a healthy target in an Availability Zone, we remove the IP address for the corresponding subnet from DNS, but the load balancer nodes in the other Availability Zones are still available to route traffic. If a client doesn't honor the time-to-live (TTL) and sends requests to the IP address after it is removed from DNS, the requests fail.
For TCP traffic, the load balancer selects a target using a flow hash algorithm based on the protocol, source IP address, source port, destination IP address, destination port, and TCP sequence number. The TCP connections from a client have different source ports and sequence numbers, and can be routed to different targets. Each individual TCP connection is routed to a single target for the life of the connection.
For UDP traffic, the load balancer selects a target using a flow hash algorithm based on the protocol, source IP address, source port, destination IP address, and destination port. A UDP flow has the same source and destination, so it is consistently routed to a single target throughout its lifetime. Different UDP flows have different source IP addresses and ports, so they can be routed to different targets.
An Auto Scaling group contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. An Auto Scaling group also enables you to use Amazon EC2 Auto Scaling features such as health check replacements and scaling policies. Both maintaining the number of instances in an Auto Scaling group and automatic scaling are the core functionality of the Amazon EC2 Auto Scaling service.
The size of an Auto Scaling group depends on the number of instances that you set as the desired capacity. You can adjust its size to meet demand, either manually or by using automatic scaling. An Auto Scaling group starts by launching enough instances to meet its desired capacity. It maintains this number of instances by performing periodic health checks on the instances in the group. The Auto Scaling group continues to maintain a fixed number of instances even if an instance becomes unhealthy. If an instance becomes unhealthy, the group terminates the unhealthy instance and launches another instance to replace it.
The solutions architect must enable high availability for the architecture and ensure it is cost-effective. To enable high availability an Amazon EC2 Auto Scaling group should be created to add and remove instances across multiple availability zones. In order to distribute the traffic to the instances the architecture should use a Network Load Balancer which operates at Layer 4. This architecture will also be cost-effective as the Auto Scaling group will ensure the right number of instances are running based on demand.
CORRECT: "Configure a Network Load Balancer in front of the EC2 instances" is a correct answer.
CORRECT: "Configure an Auto Scaling group to add or remove instances in multiple Availability Zones automatically" is also a correct answer.
INCORRECT: "Increase the number of instances and use smaller EC2 instance types" is incorrect as this is not the most cost-effective option. Auto Scaling should be used to maintain the right number of active instances.
INCORRECT: "Configure an Auto Scaling group to add or remove instances in the Availability Zone automatically" is incorrect as this is not highly available as it's a single AZ.
INCORRECT: "Configure an Application Load Balancer in front of the EC2 instances" is incorrect as an ALB operates at Layer 7 rather than Layer 4.
References: Amazon EC2 Auto Scaling > User Guide > Elastic Load Balancing and Amazon EC2 Auto Scaling

All Question 462/790


A company is deploying an application in three AWS Regions using an Application Load Balancer. Amazon Route 53 will be used to distribute traffic between these Regions.

Which Route 53 configuration should a solutions architect use to provide the MOST high–performing experience?


A. Create an A record with a latency policy.

All Question 463/790


A disaster response team is using drones to collect images of recent storm damage. The response team's laptops lack the storage and compute capacity to transfer the images and process the data. While the team has Amazon EC2 instances for processing and Amazon S3 buckets for storage, network connectivity is intermittent and unreliable. The images need to be processed to evaluate the damage.

What should a solutions architect recommend?


A. Use AWS Snowball Edge devices to process and store the images.

CORRECT: "Use AWS Snowball Edge devices to process the data locally" is the correct answer.
INCORRECT: "Upload the data to Amazon SQS in batches and process the messages using Amazon EC2 instances" is incorrect. The internet connectivity is unreliable so this could result in data loss and delays for the team.
INCORRECT: "Configure Amazon Kinesis Data Firehose to load data directly to a Snowball device and process locally with Lambda@Edge" is incorrect. KDF cannot load data to Snowball devices and Lambda@Edge is used with CloudFront for processing data.
INCORRECT: "Use AWS DataSync on the scientists’ laptops to synchronize the data to Amazon S3. Process the data with Amazon EC2 instances" is incorrect. Due to the unreliable connectivity this does not solve the problem.
https://aws.amazon.com/blogs/storage/hurricane-dorian-disaster-response-in-the-bahamas-using-aws-snowball-edge/

All Question 464/790


A company hosts an online shopping application that stores all orders in an Amazon RDS for PostgreSQL Single–AZ DB instance.

Management wants to eliminate single points of failure and has asked a solutions architect to recommend an approach to minimize database downtime without requiring any changes to the application code.

Which solution meets these requirements?


A. Convert the existing database instance to a Multi-AZ deployment by modifying the database instance and specifying the Multi-AZ option.

All Question 465/790


A company's lease of a co–located storage facility will expire in 90 days. The company wants to move to AWS to avoid signing a contract extension. The company's environment consists of 200 virtual machines and a NAS with 40 TB of data. Most of the data is archival, yet instant access is required when data is requested.

Leadership wants to ensure minimal downtime during the migration. Each virtual machine has a number of customized configurations. The company's existing 1 Gbps network connection is mostly idle, especially after business hours.

Which combination of steps should the company take to migrate to AWS while minimizing downtime and operational impact? (Select TWO)


B. Use AWS SMS to migrate the virtual machines.
C. Use AWS Storage Gateway to migrate the data to cloud-native storage.

All Question 466/790


A company has created an isolated backup of its environment in another Region. The application is running in warm standby mode and is fronted by an Application Load Balancer (ALB). The current failover process is manual and requires updating a DNS alias record to point to the secondary ALB in another Region. What should a solutions architect do to automate the failover process?

C. Create a CNAME record on Amazon Route 53 pointing to the ALB endpoint.
References: How do I use Route 53 health checks for DNS failover?

All Question 467/790


A company is planning to migrate its virtual server–based workloads to AWS. The company has internet facing load balancers backed by application servers. The application servers rely on patches from an internet–hosted repository.

Which services should a solutions architect recommend be hosted on the public subnet? (Choose two.)


A. NAT gateway
C. Application Load Balancers

All Question 468/790


A company's legacy application is currently relying on a single–instance Amazon RDS MySQL database without encryption. Due to new compliance requirements, all existing and new data in this database must be encrypted.

How should this be accomplished?


C. Take a Snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted snapshot.
How do I encrypt Amazon RDS snapshots?
The following steps are applicable to Amazon RDS for MySQL, Oracle, SQL Server, PostgreSQL, or MariaDB.
Important: If you use Amazon Aurora, you can restore an unencrypted Aurora DB cluster snapshot to an encrypted Aurora DB cluster if you specify an AWS Key Management Service (AWS KMS) encryption key when you restore from the unencrypted DB cluster snapshot. For more information, see Limitations of Amazon RDS Encrypted DB Instances.
Open the Amazon RDS console, and then choose Snapshots from the navigation pane. Select the snapshot that you want to encrypt. Under Snapshot Actions, choose Copy Snapshot. Choose your Destination Region, and then enter your New DB Snapshot Identifier. Change Enable Encryption to Yes. Select your Master Key from the list, and then choose Copy Snapshot.
After the snapshot status is available, the Encrypted field will be True to indicate that the snapshot is encrypted. You now have an encrypted snapshot of your DB. You can use this encrypted DB snapshot to restore the DB instance from the DB snapshot.

All Question 469/790


A company wants to use high performance computing (HPC) infrastructure on AWS for financial risk modeling. The company's HPC workloads run on Linux. Each HPC workflow runs on hundreds of Amazon EC2 Spot Instances, is short–lived, and generates thousands of output files that are ultimately stored in persistent storage for analytics and long–term future use.

The company seeks a cloud storage solution that permits the copying of on–premises data to long–term persistent storage to make data available for processing by all EC2 instances. The solution should also be a high performance file system that is integrated with persistent storage to read and write datasets and output files.

Which combination of AWS services meets these requirements?


A. Amazon FSx for Lustre integrated with Amazon S3

All Question 470/790


A solutions architect is performing a security review of a recently migrated workload. The workload is a web application that consists of Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The solutions architect must improve the security posture and minimize the impact of a DDoS attack on resources.

Which solution is MOST effective?

A. Configure an AWS WAF ACL with rate-based rules. Create an Amazon CloudFront distribution that points to the Application Load Balancer. Enable the WAF ACL on the CloudFront distribution.

All Question 471/790


A company runs an application using Amazon ECS. The application creates resized versions of an original image and then makes Amazon S3 API calls to store the resized images in Amazon S3. How can a solutions architect ensure that the application has permission to access Amazon S3?


B. Create an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition.

All Question 472/790


A user wants to use an EBS–backed Amazon EC2 instance for a temporary job. Based on the input data, the job is most likely to finish within a week. Which of the following steps should be followed to terminate the instance automatically once the job is finished?


C. Configure the CloudWatch alarm on the instance that should perform the termination action once the instance is idle.
Auto Scaling can start and stop the instance at a pre-defined time. Here, the total running time is unknown. Thus, the user has to use the CloudWatch alarm, which monitors the CPU utilization. The user can create an alarm that is triggered when the average CPU utilization percentage has been lower than 10 percent for 24 hours, signaling that it is idle and no longer in use. When the utilization is below the threshold limit, it will terminate the instance as a part of the instance action. References: Amazon CloudWatch > User Guide > Create alarms to stop, terminate, reboot, or recover an EC2 instance

All Question 473/790


A company uses on–premises servers to host its applications. The company is running out of storage capacity. The applications use both block storage and NFS storage. The company needs a high–performing solution that supports local caching without re–architecting its existing applications.

Which combination of actions should a solutions architect take to meet these requirements? (Choose two.)

D. Deploy an AWS Storage Gateway volume gateway to replace the block storage.
E. Deploy Amazon Elastic File System (Amazon EFS) volumes and mount them to on-premises servers.

All Question 474/790


A company provides an API to its users that automates inquiries for tax computations based on item prices.

The company experiences a larger number of inquiries during the holiday season only that cause slower response times. A solutions architect needs to design a solution that is scalable and elastic.

What should the solutions architect do to accomplish this?

B. Design a REST API using Amazon API Gateway that accepts the item names. API Gateway passes item names to AWS Lambda for tax computations.

All Question 475/790


A company has an API–based inventory reporting application running on Amazon EC2 instances. The application stores information in an Amazon DynamoDB table. The company's distribution centers have an on–premises shipping application that calls an API to update the inventory before printing shipping labels.

The company has been experiencing application interruptions several times each day, resulting in lost transactions.

What should a solutions architect recommend to improve application resiliency?

A. Modify the shipping application to write to a local database.

All Question 476/790


A company is preparing to launch a public–facing web application in the AWS Cloud. The architecture consists of Amazon EC2 instances within a VPC behind an Elastic Load Balancer (ELB). A third-party service is used for the DNS. The company's solutions architect must recommend a solution to detect and protect against large-scale DDoS attacks.

Which solution meets these requirements?

C. Enable AWS Shield and assign Amazon Route 53 to it.

All Question 477/790


A company has migrated an on–premises Oracle database to an Amazon RDS for Oracle Multi–AZ DB instance in the us–east–1 Region. A solutions architect is designing a disaster recovery strategy to have the database provisioned in the us–west–2 Region in case the database becomes unavailable in the us–east–1 Region. The design must ensure the database is provisioned in the us–west–2 Region in a maximum of 2 hours, with a data loss window of no more than 3 hours.

How can these requirements be met?

B. Select the multi-Region option to provision a standby instance in us-west-2. The standby instance will be automatically promoted to master in us-west-2 in case the disaster recovery environment needs to be created.

All Question 478/790


A company requires that all versions of objects in its Amazon S3 bucket be retained. Current object versions will be frequently accessed during the first 30 days, after which they will be rarely accessed and must be retrievable within 5 minutes. Previous object versions need to be kept forever, will be rarely accessed, and can be retrieved within 1 week. All storage solutions must be highly available and highly durable.

What should a solutions architect recommend to meet these requirements in the MOST cost–effective manner?

A. Create an S3 lifecycle policy for the bucket that moves current object versions from S3 Standard storage to S3 Glacier after 30 days and moves previous object versions to S3 Glacier after 1 day.

All Question 479/790


An application generates audit logs of operational activities. Compliance requirements mandate that the application retain the logs for 5 years.

How can these requirements be met?

C. Save the logs in an Amazon Glacier vault and use the Vault Lock feature.
Amazon Glacier, which enables long-term storage of mission-critical data, has added Vault Lock. This new feature allows you to lock your vault with a variety of compliance controls that are designed to support such long-term records retention.

All Question 480/790


A marketing company is storing CSV files in an Amazon S3 bucket for statistical analysis. An application on an Amazon EC2 instance needs permission to efficiently process the CSV data stored in the S3 bucket.

Which action will MOST securely grant the EC2 instance access to the S3 bucket?

C. Associate an IAM role with least privilege permissions to the EC2 instance profile.
Keyword: Privilege Permission + IAM Role

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services by your users.

IAM roles for Amazon EC2

Applications must sign their API requests with AWS credentials. Therefore, if you are an application developer, you need a strategy for managing credentials for your applications that run on EC2 instances. For example, you can securely distribute your AWS credentials to the instances, enabling the applications on those instances to use your credentials to sign requests, while protecting your credentials from other users. However, it's challenging to securely distribute credentials to each instance, especially those that AWS creates on your behalf, such as Spot Instances or instances in Auto Scaling groups. You must also be able to update the credentials on each instance when you rotate your AWS credentials.

We designed IAM roles so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use. Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles as follows:

1. Create an IAM role.
2. Define which accounts or AWS services can assume the role.
3. Define which API actions and resources the application can use after assuming the role.
4. Specify the role when you launch your instance, or attach the role to an existing instance.
5. Have the application retrieve a set of temporary credentials and use them.

For example, you can use IAM roles to grant permissions to applications running on your instances that need to use a bucket in Amazon S3.

You can specify permissions for IAM roles by creating a policy in JSON format. These are similar to the policies that you create for IAM users. If you change a role, the change is propagated to all instances. When creating IAM roles, associate least privilege IAM policies that restrict access to the specific API calls the application requires.

References: AWS Identity and Access Management (IAM) FAQs; Amazon Elastic Compute Cloud > User Guide for Linux Instances > IAM roles for Amazon EC2

All Question 481/790


A company has a custom application with embedded credentials that retrieves information from an Amazon RDS MySQL DB instance. Management says the application must be made more secure with the least amount of programming effort.

What should a solutions architect do to meet these requirements?

D. Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS Systems Manager Parameter Store. Configure the application to load the database credentials from Parameter Store. Set up a credentials rotation schedule for the application user in the RDS for MySQL database using Parameter Store.

All Question 482/790


A company has an application that is hosted on Amazon EC2 instances in two private subnets. A solutions architect must make the application available on the public internet with the least amount of administrative effort.

What should the solutions architect recommend?

C. Create an Amazon Machine Image (AMI) of the instances in the private subnet and restore in the public subnet. Create a load balancer and associate two public subnets from the same Availability Zones as the public instances.

All Question 483/790


A company hosts an application on multiple Amazon EC2 instances. The application processes messages from an Amazon SQS queue, writes to an Amazon RDS table, and deletes the message from the queue. Occasional duplicate records are found in the RDS table. The SQS queue does not contain any duplicate messages.

What should a solutions architect do to ensure messages are being processed once only?

D. Use the ChangeMessageVisibility API call to increase the visibility timeout.
Keyword: SQS queue writes to an Amazon RDS

From this, Option D suits best and the other options are ruled out [Option A – you can't introduce one more queue in the existing one; Option B – only permission; Option C – only retrieves messages].

FIFO queues are designed to never introduce duplicate messages. However, your message producer might introduce duplicates in certain scenarios: for example, if the producer sends a message, does not receive a response, and then resends the same message. Amazon SQS APIs provide deduplication functionality that prevents your message producer from sending duplicates. Any duplicates introduced by the message producer are removed within a 5-minute deduplication interval.

For standard queues, you might occasionally receive a duplicate copy of a message (at-least-once delivery). If you use a standard queue, you must design your applications to be idempotent (that is, they must not be affected adversely when processing the same message more than once).

CreateQueue – You can't change the queue type after you create it and you can't convert an existing standard queue into a FIFO queue. You must either create a new FIFO queue for your application or delete your existing standard queue and recreate it as a FIFO queue.
AddPermission – When you create a queue, you have full control access rights for the queue. Only you, the owner of the queue, can grant or deny permissions to the queue.
ReceiveMessage – Retrieves one or more messages (up to 10) from the specified queue.

FIFO queues provide exactly-once processing, which means that each message is delivered once and remains available until a consumer processes it and deletes it.

References: Amazon Simple Queue Service; Amazon SQS FAQs; Amazon Simple Queue Service > Developer Guide > What is Amazon Simple Queue Service?

All Question 484/790


A recently acquired company is required to build its own infrastructure on AWS and migrate multiple applications to the cloud within a month. Each application has approximately 50 TB of data to be transferred. After the migration is complete, this company and its parent company will both require secure network connectivity with consistent throughput from their data centers to the applications. A solutions architect must ensure one–time data migration and ongoing network connectivity.

Which solution will meet these requirements?

C. AWS Snowball for the initial transfer and AWS Direct Connect for ongoing connectivity.
"Each application has approximately 50 TB of data to be transferred" = AWS Snowball.

"Secure network connectivity with consistent throughput from their data centers to the applications": What are the benefits of using AWS Direct Connect and private network connections? In many circumstances, private network connections can reduce costs, increase bandwidth, and provide a more consistent network experience than Internet-based connections.

"More consistent network experience", hence AWS Direct Connect. Direct Connect is better than VPN: reduced cost + increased bandwidth + (persistent connection or consistent network) = Direct Connect.

All Question 485/790


A company's web application is running on Amazon EC2 instances behind an Application Load Balancer.

The company recently changed its policy, which now requires the application to be accessed from one specific country only.

Which configuration will meet this requirement?

C. Configure AWS WAF on the Application Load Balancer in a VPC.
References: AWS Security Blog > How to use AWS WAF to filter incoming traffic from embargoed countries

All Question 486/790


A company has developed a new video game as a web application. The application is in a three–tier architecture in a VPC with Amazon RDS for MySQL in the database layer. Several players will compete concurrently online. The game's developers want to display a top–10 scoreboard in near–real–time and offer the ability to stop and restore the game while preserving the current scores.

What should a solutions architect do to meet these requirements?

D. Create a read replica on Amazon RDS for MySQL to run queries to compute the scoreboard and serve the read traffic to the web application.

All Question 487/790


A company's near–real–time streaming application is running on AWS. As the data is ingested, a job runs on the data and takes 30 minutes to complete. The workload frequently experiences high latency due to large amounts of incoming data. A solutions architect needs to design a scalable and serverless solution to enhance performance.

Which combination of steps should the solutions architect take? (Choose two.)

A. Use Amazon Kinesis Data Firehose to ingest the data.
E. Use AWS Fargate with Amazon Elastic Container Service (Amazon ECS) to process the data.

All Question 488/790


A company is planning to make a series of schema changes to tables on its Amazon Aurora DB cluster.

A solutions architect needs to test the changes in the most cost–effective manner possible.

What should the solutions architect do to meet these requirements?

A. Create a clone of the current Aurora DB cluster. Perform the schema changes on the clone. Once the changes are tested and performance is acceptable, apply the same changes on the original cluster. Delete the clone.

All Question 489/790


A company needs to store 160 TB of data for an indefinite period of time. The company must be able to use standard SQL and business intelligence tools to query all of the data. The data will be queried no more than twice each month.

What is the MOST cost–effective solution that meets these requirements?

D. Store the data in an Amazon EMR cluster with EMR File System (EMRFS) as the storage layer. Use Apache Presto to query the data.

All Question 490/790


A company is building an application on Amazon EC2 instances that generates temporary transactional data. The application requires access to data storage that can provide configurable and consistent IOPS.

What should a solutions architect recommend?

C. Provision an EC2 instance with a General Purpose SSD (gp2) root volume and Provisioned IOPS SSD (io1) data volume.

All Question 491/790


A company is building an online multiplayer game. The game communicates by using UDP, and low latency between the client and the backend is important. The backend is hosted on Amazon EC2 instances that can be deployed to multiple AWS Regions to meet demand. The company needs the game to be highly available so that users around the world can access the game at all times.

What should a solutions architect do to meet these requirements?

C. Deploy Amazon CloudFront to support an origin access identity (OAI). Associate the OAI with EC2 instances in each Region to support global traffic.

All Question 492/790


A company's dynamic website is hosted using on–premises servers in the United States. The company is launching its product in Europe, and it wants to optimize site loading times for new European users. The site's backend must remain in the United States. The product is being launched in a few days, and an immediate solution is needed.

What should the solutions architect recommend?

C. Use Amazon CloudFront with a custom origin pointing to the on-premises servers.

All Question 493/790


A company runs a high performance computing (HPC) workload on AWS. The workload requires low latency network performance and high network throughput with tightly coupled node–to–node communication. The Amazon EC2 instances are properly sized for compute and storage capacity, and are launched using default options.

What should a solutions architect propose to improve the performance of the workload?

A. Choose a cluster placement group while launching Amazon EC2 instances.

All Question 494/790


A media company stores video content in an Amazon Elastic Block Store (Amazon EBS) volume. A certain video file has become popular and a large number of users across the world are accessing this content.

This has resulted in a cost increase.

Which action will DECREASE cost without compromising user accessibility?

B. Store the video in an Amazon S3 bucket and create an Amazon CloudFront distribution.

All Question 495/790


A business application is hosted on Amazon EC2 and uses Amazon S3 for encrypted object storage. The chief information security officer has directed that no application traffic between the two services should traverse the public internet.

Which capability should the solutions architect use to meet the compliance requirements?

A. AWS Key Management Service (AWS KMS)
References: Amazon VPC FAQs

All Question 496/790


A company with facilities in North America, Europe, and Asia is designing a new distributed application to optimize its global supply chain and manufacturing process. The orders booked on one continent should be visible to all Regions in a second or less. The database should be able to support failover with a short Recovery Time Objective (RTO). The uptime of the application is important to ensure that manufacturing is not impacted.

What should a solutions architect recommend?

B. Use Amazon Aurora Global Database.
Cross-Region Disaster Recovery: If your primary region suffers a performance degradation or outage, you can promote one of the secondary regions to take read/write responsibilities. An Aurora cluster can recover in less than 1 minute even in the event of a complete regional outage. This provides your application with an effective Recovery Point Objective (RPO) of 1 second and a Recovery Time Objective (RTO) of less than 1 minute, providing a strong foundation for a global business continuity plan.

All Question 497/790


A company has a 10 Gbps AWS Direct Connect connection from its on–premises servers to AWS. The workloads using the connection are critical. The company requires a disaster recovery strategy with maximum resiliency that maintains the current connection bandwidth at a minimum.

What should a solutions architect recommend?

C. Set up two new Direct Connect connections: one in the current AWS Region and one in another Region.

All Question 498/790


A company is implementing new data retention policies for all databases that run on Amazon RDS DB instances. The company must retain daily backups for a minimum period of 2 years. The backups must be consistent and restorable.

Which solution should a solutions architect recommend to meet these requirements?

A. Create a backup vault in AWS Backup to retain RDS backups. Create a new backup plan with a daily schedule and an expiration period of 2 years after creation. Assign the RDS DB instances to the backup plan. Configure a backup window for the RDS DB Instances for daily snapshots. Assign a snapshot retention policy of 2 years to each RDS DB instance. Use Amazon Data Lifecycle Manager (Amazon DLM)

All Question 499/790


A company hosts its website on Amazon S3. The website serves petabytes of outbound traffic monthly, which accounts for most of the company's AWS costs. What should a solutions architect do to reduce costs?

A. Configure Amazon CloudFront with the existing website as the origin.
A textbook case for CloudFront. The data transfer cost in CloudFront is lower than in S3. With heavy read operations of static content, it's more economical to add CloudFront in front of your S3 bucket.
https://pupuweb.com/aws-saa-c02-actual-exam-question-answer-dumps-2/10/3

All Question 500/790


A company runs analytics software on Amazon EC2 instances.

The software accepts job requests from users to process data that has been uploaded to Amazon S3.

Users report that some submitted data is not being processed. Amazon CloudWatch reveals that the EC2 instances have a consistent CPU utilization at or near 100%.

The company wants to improve system performance and scale the system based on user load. What should a solutions architect do to meet these requirements?

A. Create a copy of the instance. Place all instances behind an Application Load Balancer

All Question 501/790


A company hosts its static website content from an Amazon S3 bucket in the us–east–1 Region. Content is made available through an Amazon CloudFront origin pointing to that bucket. Cross–Region replication is set to create a second copy of the bucket in the ap–southeast–1 Region. Management wants a solution that provides greater availability for the website.

Which combination of actions should a solutions architect take to increase availability? (Choose two.)

B. Configure failover routing in Amazon Route 53.
E. Set up a CloudFront origin group with the us-east-1 bucket as the primary and the ap-southeast-1 bucket as the secondary.

All Question 502/790


A company has a 10 Gbps AWS Direct Connect connection from its on–premises servers to AWS. The workloads using the connection are critical. The company requires a disaster recovery strategy with maximum resiliency that maintains the current connection bandwidth at a minimum.

What should a solutions architect recommend?

A. Set up a new Direct Connect connection in another AWS Region.

All Question 503/790


A media company is using two video conversion tools that run on Amazon EC2 instances. One tool runs on Windows instances, and the other tool runs on Linux instances. Each video file is large in size and must be processed by both tools.

The company needs a storage solution that can provide a centralized file system that can be mounted on all the EC2 instances that are used in this process.

Which solution meets these requirements?

C. Use Amazon Elastic File System (Amazon EFS) with General Purpose performance mode for the Windows instances and the Linux instances

All Question 504/790


A company has a media catalog with metadata for each item in the catalog. Different types of metadata are extracted from the media items by an application running on AWS Lambda.

Metadata is extracted according to a number of rules, with the output stored in an Amazon ElastiCache for Redis cluster. The extraction process is done in batches and takes around 40 minutes to complete. The update process is triggered manually whenever the metadata extraction rules change.

The company wants to reduce the amount of time it takes to extract metadata from its media catalog. To achieve this, a solutions architect has split the single metadata extraction Lambda function into a Lambda function for each type of metadata.

Which additional steps should the solutions architect take to meet the requirements?

C. Create an AWS Step Functions workflow to run the Lambda functions in parallel. Create a Lambda function to retrieve a list of media items and write each item to an Amazon SQS queue. Configure the SQS queue as an input to the Step Functions workflow.

All Question 505/790


A company is developing a new machine learning model solution in AWS. The models are developed as independent microservices that fetch about 1 GB of model data from Amazon S3 at startup and load the data into memory. Users access the models through an asynchronous API. Users can send a request or a batch of requests and specify where the results should be sent.

The company provides models to hundreds of users. The usage patterns for the models are irregular. Some models could be unused for days or weeks. Other models could receive batches of thousands of requests at a time.

Which solution meets these requirements?

D. The requests from the API are sent to the model's Amazon Simple Queue Service (Amazon SQS) queue. Models are deployed as Amazon Elastic Container Service (Amazon ECS) services reading from the queue. AWS Auto Scaling is enabled on Amazon ECS for both the cluster and copies of the service based on the queue size.

All Question 506/790


A company has thousands of edge devices that collectively generate 1 TB of status alerts each day. Each alert is approximately 2 KB in size. A solutions architect needs to implement a solution to ingest and store the alerts for future analysis.

The company wants a highly available solution. However, the company needs to minimize costs and does not want to manage additional infrastructure. Additionally, the company wants to keep 14 days of data available for immediate analysis and archive any data older than 14 days.

What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts. Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon S3 bucket. Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days.

All Question 507/790


A company is using a Site–to–Site VPN connection for secure connectivity to its AWS cloud resources from on–premises. Due to an increase in traffic across the VPN connections to the Amazon EC2 instances, users are experiencing slower VPN connectivity.

Which solution will improve the VPN throughput?

B. Use a Transit Gateway with equal cost multipath routing and add additional VPN tunnels.

All Question 508/790


A company has an asynchronous web application where Amazon API Gateway triggers AWS Lambda functions to perform write and update operations on an Amazon RDS DB instance. During periods of extreme use API Gateway and Lambda scale in response to the incoming workload but service outages occur due to congestion with Amazon RDS.

The company is seeking a cost–effective design to alleviate this congestion. What should a solutions architect recommend?

D. Use Amazon Simple Queue Service (Amazon SQS) to buffer the incoming requests before delivering them to the Lambda functions

All Question 509/790


The financial application at a company stores monthly reports in an Amazon S3 bucket. The vice president of finance has mandated that all access to these reports be logged and that any modifications to the log files be detected.

Which actions can a solutions architect take to meet these requirements?

C. Use AWS CloudTrail to create a new trail. Configure the trail to log read and write data events on the S3 bucket that houses the reports. Log these events to a new bucket, and enable log file validation.
References: Amazon Simple Storage Service > User Guide > Enabling CloudTrail event logging for S3 buckets and objects

All Question 510/790


In Amazon EC2 Container Service components, what is the name of a logical grouping of container instances on which you can place tasks?

A. A cluster
Amazon ECS contains the following components:
- A Cluster is a logical grouping of container instances that you can place tasks on.
- A Container instance is an Amazon EC2 instance that is running the Amazon ECS agent and has been registered into a cluster.
- A Task definition is a description of an application that contains one or more container definitions.
- A Scheduler is the method used for placing tasks on container instances.
- A Service is an Amazon ECS service that allows you to run and maintain a specified number of instances of a task definition simultaneously.
- A Task is an instantiation of a task definition that is running on a container instance.
- A Container is a Linux container that was created as part of a task.

All Question 511/790


A company is concerned that two NAT instances in use will no longer be able to support the traffic needed for the company's application. A solutions architect wants to implement a solution that is highly available, fault tolerant, and automatically scalable.

What should the solutions architect recommend?

C. Remove the two NAT instances and replace them with two NAT gateways in different Availability Zones.

All Question 512/790


A website runs a web application that receives a burst of traffic each day at noon. The users upload new pictures and content daily, but have been complaining of timeouts. The architecture uses Amazon EC2 Auto Scaling groups, and the custom application consistently takes 1 minute to initiate upon boot up before responding to user requests.

How should a solutions architect redesign the architecture to better respond to changing traffic?

C. Configure an Auto Scaling step scaling policy with an instance warmup condition.
If you are creating a step policy, you can specify the number of seconds that it takes for a newly launched instance to warm up. Until its specified warm-up time has expired, an instance is not counted toward the aggregated metrics of the Auto Scaling group.

Using the example in the Step Adjustments section, suppose that the metric gets to 60, and then it gets to 62 while the new instance is still warming up. The current capacity is still 10 instances, so 1 instance is added (10 percent of 10 instances). However, the desired capacity of the group is already 11 instances, so the scaling policy does not increase the desired capacity further. If the metric gets to 70 while the new instance is still warming up, we should add 3 instances (30 percent of 10 instances). However, the desired capacity of the group is already 11, so we add only 2 instances, for a new desired capacity of 13 instances.

References: Amazon EC2 Auto Scaling > User Guide > Step and simple scaling policies for Amazon EC2 Auto Scaling

All Question 513/790


A city has deployed a web application running on Amazon EC2 instances behind an Application Load Balancer (ALB).

The application's users have reported sporadic performance, which appears to be related to DDoS attacks originating from random IP addresses.

The city needs a solution that requires minimal configuration changes and provides an audit trail for the DDoS source.

Which solution meets these requirements?

C. Subscribe to AWS Shield Advanced. Engage the AWS DDoS Response Team (DRT) to integrate mitigating controls into the service.

All Question 514/790


A company's packaged application dynamically creates and returns single–use text files in response to user requests. The company is using Amazon CloudFront for distribution, but wants to further reduce data transfer costs. The company cannot modify the application's source code.

What should a solutions architect do to reduce costs?

A. Use Lambda@Edge to compress the files as they are sent to users.
B seems more expensive; C does not seem right because they are single use files and will not be needed again from the cache; D multipart mainly for large files and will not reduce data and cost; A seems the best: change the application code to compress the files and reduce the amount of data transferred to save costs.

All Question 515/790


A company has an application running as a service in Amazon Elastic Container Service (Amazon ECS) using the Amazon EC2 launch type.

The application code makes AWS API calls to publish messages to Amazon Simple Queue Service (Amazon SQS).

What is the MOST secure method of giving the application permission to publish messages to Amazon SQS?

B. Create a new IAM user with SQS permissions. Then update the task definition to declare the access key ID and secret access key as environment variables.

All Question 516/790


A company has an on–premises MySQL database used by the global sales team with infrequent access patterns. The sales team requires the database to have minimal downtime. A database administrator wants to migrate this database to AWS without selecting a particular instance type in anticipation of more users in the future.

Which service should a solutions architect recommend?

B. Amazon Aurora Serverless for MySQL
"A database administrator wants to migrate this database to AWS without selecting a particular instance type in anticipation of more users in the future." Serverless sounds right, and it's compatible with MySQL and PostgreSQL.

All Question 517/790


A company is running a three–tier web application to process credit card payments. The front–end user interface consists of static webpages. The application tier can have long–running processes. The database tier uses MySQL.

The application is currently running on a single, general–purpose large Amazon EC2 instance. A solutions architect needs to decouple the services to make the web application highly available.

Which solution would provide the HIGHEST availability?

B. Move static assets and the application into a medium EC2 instance. Leave the database on the large instance. Place both instances in an Auto Scaling group.

All Question 518/790


A company currently stores symmetric encryption keys in a hardware security module (HSM). A solutions architect must design a solution to migrate key management to AWS. The solution should allow for key rotation and support the use of customer provided keys.

Where should the key material be stored to meet these requirements?

B. AWS Secrets Manager
AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. References: AWS Secrets Manager

All Question 519/790


A company needs guaranteed Amazon EC2 capacity in three specific Availability Zones in a specific AWS Region for an upcoming event that will last 1 week.

What should the company do to guarantee the EC2 capacity?

A. Purchase Reserved Instances that specify the Region needed.

All Question 520/790


A company mandates that an Amazon S3 gateway endpoint must allow traffic to trusted buckets only.

Which method should a solutions architect implement to meet this requirement?

D. Create an S3 endpoint policy for each of the company's S3 gateway endpoints that provides access to the Amazon Resource Name (ARN) of the trusted S3 buckets.

All Question 521/790


The application's traffic is often low, but it occasionally grows significantly. During these sudden increases in traffic, DynamoDB returns throttling errors. The result is that error pages are displayed to end users.

What should a solutions architect do to reduce these errors?

D. Configure the application to use strongly consistent reads for DynamoDB queries.

All Question 522/790


A solutions architect is creating an application that will handle batch processing of large amounts of data.

The input data will be held in Amazon S3 and the output data will be stored in a different S3 bucket. For processing, the application will transfer the data over the network between multiple Amazon EC2 instances.

What should the solutions architect do to reduce the overall data transfer costs?

C. Place all the EC2 instances in the same Availability Zone.
The transfer is between EC2 instances and not just between S3 and EC2. Also, be aware of inter-Availability Zones data transfer charges between Amazon EC2 instances, even within the same region. If possible, the instances in a development or test environment that need to communicate with each other should be co-located within the same Availability Zone to avoid data transfer charges. (This doesn't apply to production workloads which will most likely need to span multiple Availability Zones for high availability.) References: AWS Management & Governance Blog > Using AWS Cost Explorer to analyze data transfer costs

All Question 523/790


A company is launching a new application that will be hosted on Amazon EC2 instances. A solutions architect needs to design a solution that does not allow public IPv4 access that originates from the internet. However, the solution must allow the EC2 instances to make outbound IPv4 internet requests.

The initial design proposal shows that the EC2 instances would be located in two private subnets across two Availability Zones.

The entire architecture must be highly available.

How should the solutions architect change the architecture to meet these requirements?

C. Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure a shared route table for the private subnets.

All Question 524/790


A company is building a payment application that must be highly available even during regional service disruptions. A solutions architect must design a data storage solution that can be easily replicated and used in other AWS Regions. The application also requires low–latency atomicity, consistency, isolation, and durability (ACID) transactions that need to be immediately available to generate reports. The development team also needs to use SQL.

Which data storage solution meets these requirements?

C. Amazon S3 with cross-Region replication and Amazon Athena

All Question 525/790


A company recently deployed a new auditing system to centralize information about operating system versions, patching, and installed software for Amazon EC2 instances. A solutions architect must ensure all instances provisioned through EC2 Auto Scaling groups successfully send reports to the auditing system as soon as they are launched and terminated.

Which solution achieves these goals MOST efficiently?

B. Use EC2 Auto Scaling lifecycle hooks to execute a custom script to send data to the audit system when instances are launched and terminated.

All Question 526/790


A company hosts a static website on–premises and wants to migrate the website to AWS. The website should load as quickly as possible for users around the world. The company also wants the most cost–effective solution.

What should a solutions architect do to accomplish this?

B. Copy the website content to an Amazon S3 bucket. Configure the bucket to serve static webpage content. Configure Amazon CloudFront with the S3 bucket as the origin.
What Is Amazon CloudFront? Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance. Using Amazon S3 Buckets for Your Origin: When you use Amazon S3 as an origin for your distribution, you place any objects that you want CloudFront to deliver in an Amazon S3 bucket. You can use any method that is supported by Amazon S3 to get your objects into Amazon S3, for example, the Amazon S3 console or API, or a third-party tool. You can create a hierarchy in your bucket to store the objects, just as you would with any other Amazon S3 bucket. Using an existing Amazon S3 bucket as your CloudFront origin server doesn't change the bucket in any way; you can still use it as you normally would to store and access Amazon S3 objects at the standard Amazon S3 price. You incur regular Amazon S3 charges for storing the objects in the bucket. The most cost-effective option is to migrate the website to an Amazon S3 bucket and configure that bucket for static website hosting. To enable good performance for global users the solutions architect should then configure a CloudFront distribution with the S3 bucket as the origin. This will cache the static content around the world closer to users. CORRECT: "Copy the website content to an Amazon S3 bucket. Configure the bucket to serve static webpage content. Configure Amazon CloudFront with the S3 bucket as the origin" is the correct answer. INCORRECT: "Copy the website content to an Amazon S3 bucket. Configure the bucket to serve static webpage content. Replicate the S3 bucket to multiple AWS Regions" is incorrect as there is no solution here for directing users to the closest region. This could be a more cost-effective (though less elegant) solution if AWS Route 53 latency records are created. INCORRECT: "Copy the website content to an Amazon EC2 instance. Configure Amazon Route 53 geolocation routing policies to select the closest origin" is incorrect as using Amazon EC2 instances is less cost-effective compared to hosting the website on S3. Also, geolocation routing does not achieve anything with only a single record. INCORRECT: "Copy the website content to multiple Amazon EC2 instances in multiple AWS Regions. Configure AWS Route 53 geolocation routing policies to select the closest region" is incorrect as using Amazon EC2 instances is less cost-effective compared to hosting the website on S3. References: How do I use CloudFront to serve a static website hosted on Amazon S3?

All Question 527/790


Organizers for a global event want to put daily reports online as static HTML pages. The pages are expected to generate millions of views from users around the world. The files are stored in an Amazon S3 bucket. A solutions architect has been asked to design an efficient and effective solution.

Which action should the solutions architect take to accomplish this?

D. Use Amazon CloudFront with the S3 bucket as its origin.

All Question 528/790


An eCommerce company has noticed performance degradation of its Amazon RDS based web application.

The performance degradation is attributed to an increase in the number of read–only SQL queries triggered by business analysts. A solutions architect needs to solve the problem with minimal changes to the existing web application. What should the solutions architect recommend?

C. Create a read replica of the primary database and have the business analysts run their queries.

All Question 529/790


An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table. What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?

A. Use a VPC endpoint for DynamoDB.
An Interface endpoint uses AWS PrivateLink and is an elastic network interface (ENI) with a private IP address that serves as an entry point for traffic destined to a supported service. Using PrivateLink you can connect your VPC to supported AWS services, services hosted by other AWS accounts (VPC endpoint services), and supported AWS Marketplace partner services. AWS PrivateLink access over Inter-Region VPC Peering: Applications in an AWS VPC can securely access AWS PrivateLink endpoints across AWS Regions using Inter-Region VPC Peering. AWS PrivateLink allows you to privately access services hosted on AWS in a highly available and scalable manner, without using public IPs, and without requiring the traffic to traverse the Internet. Customers can privately connect to a service even if the service endpoint resides in a different AWS Region. Traffic using Inter-Region VPC Peering stays on the global AWS backbone and never traverses the public Internet. A gateway endpoint is a gateway that is a target for a specified route in your route table, used for traffic destined to a supported AWS service. An interface VPC endpoint (interface endpoint) enables you to connect to services powered by AWS PrivateLink. References: Amazon DynamoDB > Developer Guide > What Is Amazon DynamoDB?

All Question 530/790


A solutions architect is designing a solution that involves orchestrating a series of Amazon Elastic Container Service (Amazon ECS) task types running on Amazon EC2 instances that are part of an ECS cluster. The output and state data for all tasks needs to be stored.

The amount of data output by each task is approximately 10MB, and there could be hundreds of tasks running at a time. The system should be optimized for high–frequency reading and writing. As old outputs are archived and deleted, the storage size is not expected to exceed 1TB.

Which storage solution should the solutions architect recommend?

C. An Amazon Elastic File System (Amazon EFS) file system with Bursting Throughput mode.

All Question 531/790


A company is building a media–sharing application and decides to use Amazon S3 for storage. When a media file is uploaded the company starts a multi–step process to create thumbnails, identify objects in the images, transcode videos into standard formats and resolutions and extract and store the metadata to an Amazon DynamoDB table.

The metadata is used for searching and navigation. The amount of traffic is variable. The solution must be able to scale to handle spikes in load without unnecessary expenses.

What should a solutions architect recommend to support this workload?

C. Trigger an AWS Lambda function when an object is stored in the S3 bucket. Have the Lambda function start AWS Batch to perform the steps to process the object. Place the object data in the DynamoDB table when complete.

All Question 532/790


A company seeks a storage solution for its application. The solution must be highly available and scalable.

The solution also must function as a file system, be mountable by multiple Linux instances in AWS and on–premises through native protocols, and have no minimum size requirements.


C. Amazon Elastic File System (Amazon EFS) with multiple mount targets

All Question 533/790


A solutions architect is designing a two–tier web application. The application consists of a public–facing web tier hosted on Amazon EC2 in public subnets. The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet. Security is a high priority for the company.

How should security groups be configured in this situation? (Choose two.)

A. Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0.
C. Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier.
In this scenario an inbound rule is required to allow traffic from any internet client to the web front end on SSL/TLS port 443. The source should therefore be set to 0.0.0.0/0 to allow any inbound traffic. To secure the connection from the web frontend to the database tier, an outbound rule should be created from the public EC2 security group with a destination of the private EC2 security group. The port should be set to 1433 for MySQL. The private EC2 security group will also need to allow inbound traffic on 1433 from the public EC2 security group. This configuration can be seen in the diagram: CORRECT: "Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0" is a correct answer. CORRECT: "Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier" is also a correct answer. INCORRECT: "Configure the security group for the web tier to allow outbound traffic on port 443 from 0.0.0.0/0" is incorrect as this is configured backwards. INCORRECT: "Configure the security group for the database tier to allow outbound traffic on ports 443 and 1433 to the security group for the web tier" is incorrect as the MySQL database instance does not need to send outbound traffic on either of these ports. INCORRECT: "Configure the security group for the database tier to allow inbound traffic on ports 443 and 1433 from the security group for the web tier" is incorrect as the database tier does not need to allow inbound traffic on port 443. References: Amazon Virtual Private Cloud > User Guide > Security groups for your VPC

All Question 534/790


A company is building a media sharing application and decides to use Amazon S3 for storage. When a media file is uploaded, the company starts a multi–step process to create thumbnails, identify objects in the images, transcode videos into standard formats and resolutions, and extract and store the metadata to an Amazon DynamoDB table. The metadata is used for searching and navigation.

The amount of traffic is variable. The solution must be able to scale to handle spikes in load without unnecessary expenses.

What should a solutions architect recommend to support this workload?

C. Trigger an AWS Lambda function when an object is stored in the S3 bucket. Have the Lambda function start AWS Batch to perform the steps to process the object. Place the object data in the DynamoDB table when complete.

All Question 535/790


A company is running a highly sensitive application on Amazon EC2 backed by an Amazon RDS database. Compliance regulations mandate that all personally identifiable information (PII) be encrypted at rest.

Which solution should a solutions architect recommend to meet this requirement with the LEAST amount of changes to the infrastructure?

D. Configure SSL encryption using AWS Key Management Service customer master keys (AWS KMS CMKs) to encrypt database volumes

All Question 536/790


A company is migrating from an on–premises infrastructure to the AWS Cloud. One of the company's applications stores files on a Windows file server farm that uses Distributed File System Replication (DFSR) to keep data in sync. A solutions architect needs to replace the file server farm.

Which service should the solutions architect use?

B. Amazon FSx
Migrating Existing Files to Amazon FSx for Windows File Server Using AWS DataSync: We recommend using AWS DataSync to transfer data between Amazon FSx for Windows File Server file systems. DataSync is a data transfer service that simplifies, automates, and accelerates moving and replicating data between on-premises storage systems and other AWS storage services over the internet or AWS Direct Connect. DataSync can transfer your file system data and metadata, such as ownership, time stamps, and access permissions. Amazon FSx for Windows File Server provides fully managed, highly reliable file storage that is accessible over the industry-standard Server Message Block (SMB) protocol. Amazon FSx is built on Windows Server and provides a rich set of administrative features that include end-user file restore, user quotas, and Access Control Lists (ACLs). Additionally, Amazon FSx for Windows File Server supports Distributed File System Replication (DFSR) in both Single-AZ and Multi-AZ deployments as can be seen in the feature comparison table below. CORRECT: "Amazon FSx" is the correct answer. INCORRECT: "Amazon EFS" is incorrect as EFS only supports Linux systems. INCORRECT: "Amazon S3" is incorrect as this is not a suitable replacement for a Microsoft filesystem. INCORRECT: "AWS Storage Gateway" is incorrect as this service is primarily used for connecting on-premises storage to cloud storage. It consists of a software device installed on-premises and can be used with SMB shares but it actually stores the data on S3. It is also used for migration. However, in this case the company needs to replace the file server farm and Amazon FSx is the best choice for this job. References: Amazon FSx for Windows File Server > Windows User Guide > Availability and durability: Single-AZ and Multi-AZ file systems

All Question 537/790


A company wants to use a custom distributed application that calculates various profit and loss scenarios. To achieve this goal, the company needs to provide a network connection between its Amazon EC2 instances. The connection must minimize latency and must maximize throughput.

Which solution will meet these requirements?

B. Configure a placement group for EC2 instances that have the same instance type.

All Question 538/790


A company has migrated an on–premises Oracle database to an Amazon RDS for Oracle Multi–AZ DB instance in the us–east–1 Region. A solutions architect is designing a disaster recovery strategy to have the database provisioned in the us–west–2 Region in case the database becomes unavailable in the us–east–1 Region. The design must ensure the database is provisioned in the us–west–2 Region in a maximum of 2 hours, with a data loss window of no more than 3 hours.

How can these requirements be met?

A. Edit the DB instance and create a read replica in us-west-2. Promote the read replica to master in us-west-2 in case the disaster recovery environment needs to be activated.

All Question 539/790


A company has a Microsoft Windows–based application that must be migrated to AWS. This application requires the use of a shared Windows file system attached to multiple Amazon EC2 Windows instances.

What should a solution architect do to accomplish this?

C. Configure Amazon FSx for Windows File Server. Mount the Amazon FSx volume to each Windows instance.

All Question 540/790


A company manages its own Amazon EC2 instances that run MySQL databases. The company is manually managing replication and scaling as demand increases or decreases. The company needs a new solution that simplifies the process of adding or removing compute capacity to or from its database tier as needed.

The solution also must offer improved performance, scaling, and durability with minimal effort from operations.

Which solution meets these requirements?

D. Create an EC2 Auto Scaling group for the database tier. Migrate the existing databases to the new environment.

All Question 541/790


Amazon EC2 provides a ___________ . It is an HTTP or HTTPS request that uses the HTTP verbs GET or POST.

C. Query API
Amazon EC2 provides a Query API. These requests are HTTP or HTTPS requests that use the HTTP verbs GET or POST and a Query parameter named Action. References: Amazon Elastic Compute Cloud > API Reference > Making requests to the Amazon EC2 API

All Question 542/790


What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?

D. Update the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set.

All Question 543/790



Which solution meets these requirements?

C. Replace the NAT gateway with a gateway VPC endpoint.

All Question 544/790


A solutions architect is designing a new service behind Amazon API Gateway. The request patterns for the service will be unpredictable and can change suddenly from 0 requests to over 500 per second. The total size of the data that needs to be persisted in a backend database is currently less than 1 GB with unpredictable future growth. Data can be queried using simple key–value requests.

Which combination of AWS services would meet these requirements? (Choose two.)

B. AWS Lambda
C. Amazon DynamoDB
In this case AWS Lambda can perform the computation and store the data in an Amazon DynamoDB table. Lambda can scale concurrent executions to meet demand easily and DynamoDB is built for key-value data storage requirements and is also serverless and easily scalable. This is therefore a cost effective solution for unpredictable workloads. CORRECT: "AWS Lambda" is a correct answer. CORRECT: "Amazon DynamoDB" is also a correct answer. INCORRECT: "AWS Fargate" is incorrect as containers run constantly and therefore incur costs even when no requests are being made. INCORRECT: "Amazon EC2 Auto Scaling" is incorrect as this uses EC2 instances which will incur costs even when no requests are being made. INCORRECT: "Amazon RDS" is incorrect as this is a relational database not a No-SQL database. It is therefore not suitable for key-value data storage requirements. References: AWS Lambda Features Amazon DynamoDB

All Question 545/790


A company is concerned about the security of its public web application due to recent web attacks. The application uses an Application Load Balancer (ALB). A solutions architect must reduce the risk of DDoS attacks against the application.

What should the solutions architect do to meet this requirement?

C. Enable AWS Shield Advanced to prevent attacks.

All Question 546/790


A company wants to run a hybrid workload for data processing. The data needs to be accessed by on–premises applications for local data processing using an NFS protocol, and must also be accessible from the AWS Cloud for further analytics and batch processing.

Which solution will meet these requirements?

A. Use an AWS Storage Gateway file gateway to provide file storage to AWS, then perform analytics on this data in the AWS Cloud. References: AWS Storage Gateway

All Question 547/790



What should a solutions architect do to correct this issue?

B. Create security group rules using the security group ID as the source or destination.

All Question 548/790


A company has copied 1 PB of data from a colocation facility to an Amazon S3 bucket in the us–east–1 Region using an AWS Direct Connect link. The company now wants to copy the data to another S3 bucket in the us–west–2 Region. The colocation facility does not allow the use of AWS Snowball.

What should a solutions architect recommend to accomplish this?

C. Use the aws s3 sync command to copy data from the source bucket to the destination bucket. References: How can I copy all objects from one Amazon S3 bucket to another bucket?

All Question 549/790


A company is using a fleet of Amazon EC2 instances to ingest data from on–premises data sources. The data is in JSON format and ingestion rates can be as high as 1 MB/s. When an EC2 instance is rebooted, the data in–flight is lost. The company's data science team wants to query ingested data in near–real time.

Which solution provides near–real–time data querying that is scalable with minimal data loss?

B. Publish data to Amazon Kinesis Data Firehose with Amazon Redshift as the destination. Use Amazon Redshift to query the data.
Kinesis Data Streams consists of shards. The more throughput is needed, the more shards you add; the less throughput, the more shards you remove, so it's scalable. Each shard can handle up to 1MB/s of writes. However, Kinesis Data Streams stores ingested data for only 1 to 7 days, so there is a chance of data loss. Additionally, Kinesis Data Analytics and Kinesis Data Streams are both for real-time ingestion and analytics. Firehose, on the other hand, is also scalable and processes data in near real time as per the requirement. It also transfers data into Redshift, which is a data warehouse, so data won't be lost. Redshift also has a SQL interface for performing queries for data analytics.

All Question 550/790


A company designed a stateless two–tier application that uses Amazon EC2 in a single Availability Zone and an Amazon RDS Multi–AZ DB instance. New company management wants to ensure the application is highly available.

What should a solutions architect do to meet this requirement?

A. Configure the application to use Multi-AZ EC2 Auto Scaling and create an Application Load Balancer.

All Question 551/790


A company wants to run workload–intensive queries from its 10 TB Amazon Aurora MySQL DB cluster.

Temporary schema changes need to be made to the database to generate monthly reports. However, these changes are not desired for the ongoing production cluster.

The company must choose the most operationally efficient solution to meet these requirements.

Which solution should the company choose?

B. Create Aurora Read Replicas and use them for reporting

All Question 552/790


A development team needs to host a website that will be accessed by other teams. The website contents consist of HTML, CSS, client–side JavaScript, and images.

Which method is the MOST cost–effective for hosting the website?

B. Create an Amazon S3 bucket and host the website there

All Question 553/790


A company needs to retain application log files for a critical application for 10 years. The application team regularly accesses logs from the past month for troubleshooting, but logs older than 1 month are rarely accessed. The application generates more than 10 TB of logs per month.

Which storage option meets these requirements MOST cost–effectively?

B. Store the logs in Amazon S3. Use S3 Lifecycle policies to move logs more than 1 month old to S3 Glacier Deep Archive.

All Question 554/790


You have been given a scope to deploy some AWS infrastructure for a large organization. The requirements are that you will have a lot of EC2 instances but may need to add more when the average utilization of your Amazon EC2 fleet is high and conversely remove them when CPU utilization is low.

Which AWS services would be best to use to accomplish this?

B. Auto Scaling, Amazon CloudWatch and Elastic Load Balancing.
Auto Scaling enables you to follow the demand curve for your applications closely, reducing the need to manually provision Amazon EC2 capacity in advance. For example, you can set a condition to add new Amazon EC2 instances in increments to the Auto Scaling group when the average utilization of your Amazon EC2 fleet is high; and similarly, you can set a condition to remove instances in the same increments when CPU utilization is low. If you have predictable load changes, you can set a schedule through Auto Scaling to plan your scaling activities. You can use Amazon CloudWatch to send alarms to trigger scaling activities and Elastic Load Balancing to help distribute traffic to your instances within Auto Scaling groups. Auto Scaling enables you to run your Amazon EC2 fleet at optimal utilization. References: AWS Auto Scaling

All Question 555/790


A meteorological startup company has a custom web application to sell weather data to its users online. The company uses Amazon DynamoDB to store its data and wants to build a new service that sends an alert to the managers of four internal teams every time a new weather event is recorded. The company does not want this new service to affect the performance of the current application.

What should a solutions architect do to meet these requirements with the LEAST amount of operational overhead?

A. Use DynamoDB transactions to write new event data to the table. Configure the transactions to notify internal teams.

All Question 556/790


A security team needs to enforce the rotation of all IAM users' access keys every 90 days. If an access key is found to be older, the key must be made inactive and removed. A solutions architect must create a solution that will check for and remediate any keys older than 90 days.

Which solution meets these requirements with the LEAST operational effort?

A. Create an AWS Config rule to check for the key age. Configure the AWS Config rule to run an AWS Batch job to remove the key.

All Question 557/790


While using the EC2 GET requests as URLs, the _________ is the URL that serves as the entry point for the web service.

B. endpoint
The endpoint is the URL that serves as the entry point for the web service. References: Amazon Elastic Compute Cloud > API Reference > Query requests for Amazon EC2

All Question 558/790


A company serves content to its subscribers across the world using an application running on AWS. The application has several Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB). Due to a recent change in copyright restrictions, the chief information officer (CIO) wants to block access for certain countries.

Which action will meet these requirements?

C. Use Amazon CloudFront to serve the application and deny access to blocked countries.
"block access for certain countries."

You can use geo restriction, also known as geo blocking, to prevent users in specific geographic locations from accessing content that you're distributing through a CloudFront web distribution. When a user requests your content, CloudFront typically serves the requested content regardless of where the user is located. If you need to prevent users in specific countries from accessing your content, you can use the CloudFront geo restriction feature to do one of the following:

Allow your users to access your content only if they're in one of the countries on a whitelist of approved countries.

Prevent your users from accessing your content if they're in one of the countries on a blacklist of banned countries.

For example, if a request comes from a country where, for copyright reasons, you are not authorized to distribute your content, you can use CloudFront geo restriction to block the request. This is the easiest and most effective way to implement a geographic restriction for the delivery of content.

CORRECT: "Use Amazon CloudFront to serve the application and deny access to blocked countries" is the correct answer.

INCORRECT: "Use a Network ACL to block the IP address ranges associated with the specific countries" is incorrect as this would be extremely difficult to manage.

INCORRECT: "Modify the ALB security group to deny incoming traffic from blocked countries" is incorrect as security groups cannot block traffic by country.

INCORRECT: "Modify the security group for EC2 instances to deny incoming traffic from blocked countries" is incorrect as security groups cannot block traffic by country.

References: Amazon CloudFront > Developer Guide > Restricting the geographic distribution of your content

All Question 559/790


A company wants to migrate a workload to AWS. The chief information security officer requires that all data be encrypted at rest when stored in the cloud. The company wants complete control of encryption key lifecycle management.

The company must be able to immediately remove the key material and audit key usage independently of AWS CloudTrail. The chosen services should integrate with other storage services that will be used on AWS.

Which services satisfy these security requirements?

B. AWS Key Management Service (AWS KMS) with AWS CloudHSM
Took a bit of reading. Key points in question:

"The company must be able to immediately remove the key material and audit key usage independently"

"The chosen services should integrate with other storage services that will be used on AWS"

Point 1: Q: Can I use CloudHSM to store keys or encrypt data used by other AWS services? Ans: Yes. You can do all encryption in your CloudHSM-integrated application. In this case, AWS services such as Amazon S3 or Amazon Elastic Block Store (EBS) would only see your data encrypted.

Point 2: AWS manages the hardware security module (HSM) appliance, but does not have access to your keys. You control and manage your own keys.

References: AWS CloudHSM features; AWS CloudHSM FAQs

All Question 560/790



Which solution will meet these requirements?

B. Increase the size of the EC2 NAT instance in the VPC to a network optimized instance type

All Question 561/790


A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees' devices.

The files are stored in an on-premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.

Which solution will meet these requirements?

D. Migrate the files to Amazon S3, and create a public VPC endpoint. Allow employees to sign on with AWS Single Sign-On.

All Question 562/790


A solutions architect has created two IAM policies: Policy1 and Policy2. Both policies are attached to an IAM group.

A cloud engineer is added as an IAM user to the IAM group. Which action will the cloud engineer be able to perform?

C. Deleting Amazon EC2 instances

All Question 563/790


A development team is collaborating with another company to create an integrated product. The other company needs to access an Amazon Simple Queue Service (Amazon SQS) queue that is contained in the development team's account. The other company wants to poll the queue without giving up its own account permissions to do so.

How should a solutions architect provide access to the SQS queue?

C. Create an SQS access policy that provides the other company access to the SQS queue.

All Question 564/790


A data science team requires storage for nightly log processing. The size and number of logs are unknown, and the logs will persist for 24 hours only.

What is the MOST cost–effective solution?

B. Amazon S3 Standard
The S3 Intelligent-Tiering storage class is designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. It works by storing objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access. This is an ideal use case for intelligent-tiering as the access patterns for the log files are not known.

CORRECT: "S3 Intelligent-Tiering" is the correct answer.

INCORRECT: "S3 Standard-Infrequent Access (S3 Standard-IA)" is incorrect as if the data is accessed often retrieval fees could become expensive.

INCORRECT: "S3 One Zone-Infrequent Access (S3 One Zone-IA)" is incorrect as if the data is accessed often retrieval fees could become expensive.

INCORRECT: "S3 Glacier" is incorrect as if the data is accessed often retrieval fees could become expensive. Glacier also requires more work in retrieving the data from the archive and quick access requirements can add further costs.

References: Unknown or changing access

All Question 565/790


A company hosts historical weather records in Amazon S3. The records are downloaded from the company's website by way of a URL that resolves to a domain name. Users all over the world access this content through subscriptions. A third-party provider hosts the company's root domain name, but the company recently migrated some of its services to Amazon Route 53. The company wants to consolidate contracts, reduce latency for users, and reduce costs related to serving the application to subscribers.

Which solution meets these requirements?

C. Create an A record in a Route 53 hosted zone for the application. Create a Route 53 traffic policy for the web application, and configure a geolocation rule. Configure health checks to check the health of the endpoint and route DNS queries to other endpoints if an endpoint is unhealthy.

All Question 566/790



The web application is not working as intended. The web application reports that it cannot connect to the database. The database is confirmed to be up and running. All configurations for the network ACLs, security groups, and route tables are still in their default states.

What should a solutions architect recommend to fix the application?

D. Add an inbound rule to the security group of the database tier's RDS instance to allow traffic from the web tier's security group.

All Question 567/790


A solutions architect is designing a publicly accessible web application that is on an Amazon CloudFront distribution with an Amazon S3 website endpoint as the origin.

When the solution is deployed, the website returns an Error 403: Access Denied message.

Which steps should the solutions architect take to correct the issue? (Select TWO.)

A. Remove the S3 block public access option from the S3 bucket.
B. Remove the requester pays option from the S3 bucket.

All Question 568/790


A company is building a document storage application on AWS. The application runs on Amazon EC2 instances in multiple Availability Zones. The company requires the document store to be highly available.

The documents need to be returned immediately when requested. The lead engineer has configured the application to use Amazon Elastic Block Store (Amazon EBS) to store the documents, but is willing to consider other options to meet the availability requirement.

What should a solutions architect recommend?

B. Use Amazon EBS for the EC2 instance root volumes. Configure the application to build the document store on Amazon S3.

All Question 569/790


A company is designing a web application using AWS that processes insurance quotes. Users will request quotes from the application. Quotes must be separated by quote type, must be responded to within 24 hours, and must not be lost. The solution should be simple to set up and maintain.

Which solution meets these requirements?

C. Create a single Amazon Simple Notification Service (Amazon SNS) topic and subscribe the Amazon SQS queues to the SNS topic. Configure SNS message filtering to publish messages to the proper SQS queue based on the quote type. Configure each backend application server to work its own SQS queue.
It all depends on where you want to do the quote type classification i.e. in the app and send to a different/multiple SNS topics (B) or use SNS filtering to do the type classification (C). The question doesn't really give you enough info to make a clear choice but configuring SNS filtering is probably less work and easier to maintain than maintaining app code. References: Amazon Simple Notification Service > Developer Guide > Amazon SNS message filtering

All Question 570/790


A solutions architect is implementing a document review application using an Amazon S3 bucket for storage. The solution must prevent an accidental deletion of the documents and ensure that all versions of the documents are available. Users must be able to download, modify, and upload documents.

Which combination of actions should be taken to meet these requirements? (Choose two.)

B. Enable versioning on the bucket.
D. Enable MFA Delete on the bucket.
Object Versioning

Use Amazon S3 Versioning to keep multiple versions of an object in one bucket. For example, you could store my-image.jpg (version 111111) and my-image.jpg (version 222222) in a single bucket. S3 Versioning protects you from the consequences of unintended overwrites and deletions. You can also use it to archive objects so that you have access to previous versions.

To customize your data retention approach and control storage costs, use object versioning with Object lifecycle management. For information about creating S3 Lifecycle policies using the AWS Management Console, see How Do I Create a Lifecycle Policy for an S3 Bucket? in the Amazon Simple Storage Service Console User Guide.

If you have an object expiration lifecycle policy in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle policy will manage the deletes of the noncurrent object versions in the version-enabled bucket. (A version-enabled bucket maintains one current and zero or more noncurrent object versions.)

You must explicitly enable S3 Versioning on your bucket. By default, S3 Versioning is disabled. Regardless of whether you have enabled Versioning, each object in your bucket has a version ID. If you have not enabled Versioning, Amazon S3 sets the value of the version ID to null. If S3 Versioning is enabled, Amazon S3 assigns a version ID value for the object. This value distinguishes it from other versions of the same key.

Enabling and suspending versioning is done at the bucket level. When you enable versioning on an existing bucket, objects that are already stored in the bucket are unchanged. The version IDs (null), contents, and permissions remain the same. After you enable S3 Versioning for a bucket, each object that is added to the bucket gets a version ID, which distinguishes it from other versions of the same key.

Only Amazon S3 generates version IDs, and they can't be edited. Version IDs are Unicode, UTF-8 encoded, URL-ready, opaque strings that are no more than 1,024 bytes long. The following is an example: 3/L4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo.

Using MFA delete

If a bucket's versioning configuration is MFA Delete-enabled, the bucket owner must include the x-amz-mfa request header in requests to permanently delete an object version or change the versioning state of the bucket. Requests that include x-amz-mfa must use HTTPS. The header's value is the concatenation of your authentication device's serial number, a space, and the authentication code displayed on it. If you do not include this request header, the request fails.

None of the options present a good solution for specifying permissions required to write and modify objects, so that requirement needs to be taken care of separately. The other requirements are to prevent accidental deletion and to ensure that all versions of the document are available. The two solutions for these requirements are versioning and MFA delete. Versioning will retain a copy of each version of the document and multi-factor authentication delete (MFA delete) will prevent any accidental deletion as you need to supply a second factor when attempting a delete.

CORRECT: "Enable versioning on the bucket" is a correct answer.

CORRECT: "Enable MFA Delete on the bucket" is also a correct answer.

INCORRECT: "Set read-only permissions on the bucket" is incorrect as this will also prevent any writing to the bucket which is not desired.

INCORRECT: "Attach an IAM policy to the bucket" is incorrect as users need to modify documents which will also allow delete. Therefore, a method must be implemented to just control deletes.

INCORRECT: "Encrypt the bucket using AWS SSE-S3" is incorrect as encryption doesn't stop you from deleting an object.

References: Amazon Simple Storage Service > User Guide > Using versioning in S3 buckets; Amazon Simple Storage Service > User Guide > Deleting an object from an MFA delete-enabled bucket

All Question 571/790


A solutions architect is designing a customer–facing application. The application is expected to have a variable amount of reads and writes depending on the time of year and clearly defined access patterns throughout the year. Management requires that database auditing and scaling be managed in the AWS Cloud. The Recovery Point Objective (RPO) must be less than 5 hours.

Which solutions can accomplish this? (Choose two.)

A. Use Amazon DynamoDB with auto scaling. Use on-demand backups and AWS CloudTrail.
E. Use Amazon RDS with auto scaling. Enable the database auditing parameter. Configure the backup retention period to at least 1 day.
Use Amazon DynamoDB with auto scaling. Use on-demand backups and AWS CloudTrail. CORRECT – Scalable, with backup and AWS Managed Auditing

Use Amazon DynamoDB with auto scaling. Use on-demand backups and Amazon DynamoDB Streams. INCORRECT – AWS DDB Streams can be used for auditing, but it's not AWS managed auditing.

Use Amazon Redshift. Configure concurrency scaling. Enable audit logging. Perform database snapshots every 4 INCORRECT – Not a database. Data lake

Use Amazon RDS with Provisioned IOPS. Enable the database auditing parameter. Perform database snapshots every 5 INCORRECT – This does not scale

Use Amazon RDS with auto scaling. Enable the database auditing parameter. Configure the backup retention period to at least 1 CORRECT – Scalable, AWS managed auditing and backup. The backup frequency is not stated, but there is no technical limitation which states it cannot be less than 5 hours (1 day is the retention period of the backup).

All Question 572/790


A company hosts its application in the AWS Cloud. The application runs on Amazon EC2 instances behind an Elastic Load Balancer in an Auto Scaling group and with an Amazon DynamoDB table. The company wants to ensure the application can be made available in another AWS Region with minimal downtime.

What should a solutions architect do to meet these requirements with the LEAST amount of downtime?

D. Create an Auto Scaling group and load balancer in the disaster recovery Region. Configure the DynamoDB table as a global table. Create an Amazon CloudWatch alarm to trigger an AWS Lambda function that updates Amazon Route 53 pointing to the disaster recovery load balancer.

All Question 573/790


A company has created a multi-tier application for its eCommerce website. The website uses an Application Load Balancer that resides in the public subnets, a web tier in the public subnets, and a MySQL cluster hosted on Amazon EC2 instances in the private subnets. The MySQL database needs to retrieve product catalog and pricing information that is hosted on the internet by a third-party provider. A solutions architect must devise a strategy that maximizes security without increasing operational overhead.

What should the solutions architect do to meet these requirements?

C. Configure an internet gateway and attach it to the VPC. Modify the private subnet route table to direct internet-bound traffic to the internet gateway.
References: Amazon Virtual Private Cloud > User Guide > NAT gateways

All Question 574/790


A company wants to move its on-premises network-attached storage (NAS) to AWS. The company wants to make the data available to any Linux instances within its VPC and ensure changes are automatically synchronized across all instances accessing the data store. The majority of the data is accessed very rarely, and some files are accessed by multiple users at the same time.
Which solution meets these requirements and is MOST cost–effective?

C. Create an Amazon Elastic File System (Amazon EFS) file system within the VP

All Question 575/790


A company plans to store sensitive user data on Amazon S3. Internal security compliance requirements mandate encryption of data before sending it to Amazon S3.

What should a solutions architect recommend to satisfy these requirements?

D. Client-side encryption with a master key stored in AWS Key Management Service (AWS KMS)
References: Amazon Simple Storage Service > User Guide > Protecting data using client-side encryption

All Question 576/790


A company has three AWS accounts: Management, Development, and Production. These accounts use AWS services only in the us-east-1 Region. All accounts have a VPC with VPC Flow Logs configured to publish data to an Amazon S3 bucket in each separate account. For compliance reasons, the company needs an ongoing method to aggregate all the VPC flow logs across all accounts into one destination S3 bucket in the Management account.

What should a solutions architect do to meet these requirements with the LEAST operational overhead?

A. Add S3 Same-Region Replication rules in each S3 bucket that stores VPC flow logs to replicate objects to the destination S3 bucket. Configure the destination S3 bucket to allow objects to be received from the S3 buckets in other accounts.

All Question 577/790


A company has hired a new cloud engineer who should not have access to an Amazon S3 bucket named Company Confidential. The cloud engineer must be able to read from and write to an S3 bucket called AdminTools.

Which IAM policy will meet these requirements?

A.
B.
C.
D.

All Question 578/790


A company hosts an application on multiple Amazon EC2 instances. The application processes messages from an Amazon SQS queue, writes to an Amazon RDS table, and deletes the message from the queue. Occasional duplicate records are found in the RDS table. The SQS queue does not contain any duplicate messages.

What should a solutions architect do to ensure messages are being processed once only?

D. Use the ChangeMessageVisibility API call to increase the visibility timeout.

All Question 579/790


A solutions architect is creating a new Amazon CloudFront distribution for an application. Some of the information submitted by users is sensitive. The application uses HTTPS but needs another layer of security. The sensitive information should be protected throughout the entire application stack, and access to the information should be restricted to certain applications.

Which action should the solutions architect take?

A. Configure a CloudFront signed URL

All Question 580/790


A company is re-architecting a strongly coupled application to be loosely coupled. Previously the application used a request/response pattern to communicate between tiers. The company plans to use Amazon Simple Queue Service (Amazon SQS) to achieve decoupling requirements. The initial design contains one queue for requests and one for responses. However, this approach is not processing all the messages as the application scales.

What should a solutions architect do to resolve this issue?

A. Configure a dead-letter queue on the ReceiveMessage API action of the SQS queue.

All Question 581/790


A company designs a mobile app for its customers to upload photos to a website. The app needs a secure login with multi–factor authentication (MFA).

The company wants to limit the initial build time and the maintenance of the solution.

Which solution should a solutions architect recommend to meet these requirements?

A. Use Amazon Cognito Identity with SMS based MFA.

All Question 582/790


The following IAM policy is attached to an IAM group. This is the only policy applied to the group.
What are the effective IAM permissions of this policy for group members?

D. Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Groups are permitted any other Amazon EC2 action within the us-east-1 Region.

All Question 583/790


A company is setting up an application to use an Amazon RDS MySQL DB instance. The database must be architected for high availability across Availability Zones and AWS Regions with minimal downtime.

How should a solutions architect meet this requirement?

C. Set up an RDS MySQL Single-AZ DB instance. Configure a read replica in a different Region.

All Question 584/790


A solutions architect is designing a shared storage solution for an Auto Scaling web application. The company anticipates making frequent changes to the content, so the solution must have strong consistency.

Which solution requires the LEAST amount of effort?

B. Create an Amazon Elastic File System (Amazon EFS) file system and mount it on the individual Amazon EC2 instances.

All Question 585/790


A company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. On the first day of every month at midnight, the application becomes much slower when the month–end financial calculation batch executes. This causes the CPU utilization of the EC2 instances to immediately peak to 100%, which disrupts the application.

What should a solutions architect recommend to ensure the application is able to handle the workload and avoid downtime?

C. Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule.
Scheduled Scaling for Amazon EC2 Auto Scaling

Scheduled scaling allows you to set your own scaling schedule. For example, let's say that every week the traffic to your web application starts to increase on Wednesday, remains high on Thursday, and starts to decrease on Friday. You can plan your scaling actions based on the predictable traffic patterns of your web application. Scaling actions are performed automatically as a function of time and date.

Scheduled scaling allows you to set your own scaling schedule. In this case the scaling action can be scheduled to occur just prior to the time that the reports will be run each month. Scaling actions are performed automatically as a function of time and date. This will ensure that there are enough EC2 instances to serve the demand and prevent the application from slowing down.

CORRECT: "Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule" is the correct answer.

INCORRECT: "Configure an Amazon CloudFront distribution in front of the ALB" is incorrect as this would be more suitable for providing access to global users by caching content.

INCORRECT: "Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization" is incorrect as this would not prevent the slow-down from occurring as there would be a delay between when the CPU hits 100% and the metric being reported and additional instances being launched.

INCORRECT: "Configure Amazon ElastiCache to remove some of the workload from the EC2 instances" is incorrect as ElastiCache is a database cache, it cannot replace the compute functions of an EC2 instance.

References: Amazon EC2 Auto Scaling > User Guide > Scheduled scaling for Amazon EC2 Auto Scaling

All Question 586/790


An application requires a development environment (DEV) and production environment (PROD) for several years. The DEV instances will run for 10 hours each day during normal business hours, while the PROD instances will run 24 hours each day. A solutions architect needs to determine a compute instance purchase strategy to minimize costs.

Which solution is the MOST cost–effective?

C. DEV with Scheduled Reserved Instances and PROD with Reserved Instances

All Question 587/790


A company is running an application on Amazon EC2 instances. Traffic to the workload increases substantially during business hours and decreases afterward. The CPU utilization of an EC2 instance is a strong indicator of end–user demand on the application.

The company has configured an Auto Scaling group to have a minimum group size of 2 EC2 instances and a maximum group size of 10 EC2 instances.

The company is concerned that the current scaling policy that is associated with the Auto Scaling group might not be correct. The company must avoid over–provisioning EC2 instances and incurring unnecessary costs.

What should a solutions architect recommend to meet these requirements?

D. Configure AWS Auto Scaling to have a desired capacity of 5 EC2 instances, and disable any existing scaling policies. Monitor the CPU utilization metric for 1 week. Then create dynamic scaling policies that are based on the observed values.

All Question 588/790


A company has several business systems that require access to data stored in a file share. The business systems will access the file share using the Server Message Block (SMB) protocol. The file share solution should be accessible from both of the company's legacy on–premises environments and with AWS.

Which services meet the business requirements? (Choose two.)

C. Amazon FSx for Windows
E. AWS Storage Gateway file gateway

All Question 589/790


A company relies on an application that needs at least 4 Amazon EC2 instances during regular traffic and must scale up to 12 EC2 instances during peak loads. The application is critical to the business and must be highly available.

Which solution will meet these requirements?

C. Deploy the EC2 instances in an Auto Scaling group. Set the minimum to 8 and the maximum to 12, with 4 in Availability Zone A and 4 in Availability Zone B.

All Question 590/790


A company operates a website on Amazon EC2 Linux instances. Some of the instances are failing. Troubleshooting points to insufficient swap space on the failed instances. The operations team lead needs a solution to monitor this.

What should a solutions architect recommend?

A. Configure an Amazon CloudWatch SwapUsage metric dimension. Monitor the SwapUsage dimension in the EC2 metrics in CloudWatch.

All Question 591/790


A company wants to deploy a shared file system for its .NET application servers and Microsoft SQL Server databases running on Amazon EC2 instances with Windows Server 2016. The solution must be able to be integrated into the corporate Active Directory domain, be highly durable, be managed by AWS, and provide high levels of throughput and IOPS.

Which solution meets these requirements?

A. Use Amazon FSx for Windows File Server.
References: Amazon FSx for Windows File Server

All Question 592/790


A company runs an internal browser–based application. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group scales up to 20 instances during work hours, but scales down to 2 instances overnight. Staff are complaining that the application is very slow when the day begins, although it runs well by mid–morning.

How should the scaling be changed to address the staff complaints and keep costs to a minimum?

A. Implement a scheduled action that sets the desired capacity to 20 shortly before the office opens.
Though this sounds like a good use case for scheduled actions, both answers using scheduled actions will have 20 instances running regardless of actual demand. A better option to be more cost effective is to use a target tracking action that triggers at a lower CPU threshold. With this solution the scaling will occur before the CPU utilization gets to a point where performance is affected. This will result in resolving the performance issues whilst minimizing costs. Using a reduced cooldown period will also more quickly terminate unneeded instances, further reducing costs. References: Amazon EC2 Auto Scaling > User Guide > Target tracking scaling policies for Amazon EC2 Auto Scaling

All Question 593/790


An eCommerce website is deploying its web application as Amazon Elastic Container Service (Amazon ECS) container instances behind an Application Load Balancer (ALB). During periods of high activity, the website slows down and availability is reduced.

A solutions architect uses Amazon CloudWatch alarms to receive notifications whenever there is an availability issue so they can scale out resources. Company management wants a solution that automatically responds to such events.

Which solution meets these requirements?

D. Set up AWS Auto Scaling to scale out the ECS service when the ALB target group CPU utilization is too high. Set up AWS Auto Scaling to scale out the ECS cluster when the CPU or memory reservation is too high.

All Question 594/790


A company has a Microsoft Windows–based application that must be migrated to AWS. This application requires the use of a shared Windows file system attached to multiple Amazon EC2 Windows instances.

What should a solutions architect do to accomplish this?

C. Configure Amazon FSx for Windows File Server. Mount the Amazon FSx volume to each Windows instance.

All Question 595/790


A company requires a durable backup storage solution for its on–premises database servers while ensuring on–premises applications maintain access to these backups for quick recovery. The company will use AWS storage services as the destination for these backups. A solutions architect is designing a solution with minimal operational overhead.

Which solution should the solutions architect implement?

A. Deploy an AWS Storage Gateway file gateway on-premises and associate it with an Amazon S3 bucket.
Network Load Balancer overview

A Network Load Balancer functions at the fourth layer of the Open Systems Interconnection (OSI) model. It can handle millions of requests per second. After the load balancer receives a connection request, it selects a target from the target group for the default rule. It attempts to open a TCP connection to the selected target on the port specified in the listener configuration.

When you enable an Availability Zone for the load balancer, Elastic Load Balancing creates a load balancer node in the Availability Zone. By default, each load balancer node distributes traffic across the registered targets in its Availability Zone only. If you enable cross-zone load balancing, each load balancer node distributes traffic across the registered targets in all enabled Availability Zones. For more information, see Availability Zones.

If you enable multiple Availability Zones for your load balancer and ensure that each target group has at least one target in each enabled Availability Zone, this increases the fault tolerance of your applications. For example, if one or more target groups does not have a healthy target in an Availability Zone, we remove the IP address for the corresponding subnet from DNS, but the load balancer nodes in the other Availability Zones are still available to route traffic. If a client doesn't honor the time-to-live (TTL) and sends requests to the IP address after it is removed from DNS, the requests fail.

For TCP traffic, the load balancer selects a target using a flow hash algorithm based on the protocol, source IP address, source port, destination IP address, destination port, and TCP sequence number. The TCP connections from a client have different source ports and sequence numbers, and can be routed to different targets. Each individual TCP connection is routed to a single target for the life of the connection.

For UDP traffic, the load balancer selects a target using a flow hash algorithm based on the protocol, source IP address, source port, destination IP address, and destination port. A UDP flow has the same source and destination, so it is consistently routed to a single target throughout its lifetime. Different UDP flows have different source IP addresses and ports, so they can be routed to different targets.

An Auto Scaling group contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. An Auto Scaling group also enables you to use Amazon EC2 Auto Scaling features such as health check replacements and scaling policies. Both maintaining the number of instances in an Auto Scaling group and automatic scaling are the core functionality of the Amazon EC2 Auto Scaling service.

The size of an Auto Scaling group depends on the number of instances that you set as the desired capacity. You can adjust its size to meet demand, either manually or by using automatic scaling. An Auto Scaling group starts by launching enough instances to meet its desired capacity. It maintains this number of instances by performing periodic health checks on the instances in the group. The Auto Scaling group continues to maintain a fixed number of instances even if an instance becomes unhealthy. If an instance becomes unhealthy, the group terminates the unhealthy instance and launches another instance to replace it.

All Question 596/790


A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.

What should a solutions architect do to secure the audit documents?

A. Enable the versioning and MFA Delete features on the S3 bucket.
References: Amazon Simple Storage Service > User Guide > Security Best Practices for Amazon S3

All Question 597/790


A solutions architect is designing a solution that will include a database in Amazon RDS. Corporate security policy mandates that the database, its logs, and its backups are all encrypted.

What is the MOST efficient option to fulfill the security policy using Amazon RDS?

C. Launch an Amazon RDS instance with encryption enabled. Logs and backups are automatically encrypted.

All Question 598/790


A company is performing an AWS Well–Architected Framework review of an existing workload deployed on AWS. The review identified a public–facing website running on the same Amazon EC2 instance as a Microsoft Active Directory domain controller that was installed recently to support other AWS services. A solutions architect needs to recommend a new design that would improve the security of the architecture and minimize the administrative demand on IT staff.

What should the solutions architect recommend?

A. Use AWS Directory Service to create a managed Active Directory. Uninstall Active Directory on the current EC2 instance.
AWS Managed Microsoft AD: AWS Directory Service lets you run Microsoft Active Directory (AD) as a managed service. AWS Directory Service for Microsoft Active Directory, also referred to as AWS Managed Microsoft AD, is powered by Windows Server 2012 R2. When you select and launch this directory type, it is created as a highly available pair of domain controllers connected to your virtual private cloud (VPC). The domain controllers run in different Availability Zones in a region of your choice. Host monitoring and recovery, data replication, snapshots, and software updates are automatically configured and managed for you.

Migrate AD to AWS Managed AD and keep the web server alone. Reduce risk = remove AD from that EC2 instance. Minimize admin = remove AD from any EC2 instance -> use AWS Directory Service.

Active Directory connector is only for on-premises AD. The one they have exists in the cloud already.

All Question 599/790


A company has recently updated its internal security standards. The company must now ensure all Amazon S3 buckets and Amazon Elastic Block Store (Amazon EBS) volumes are encrypted with keys created and periodically rotated by internal security specialists. The company is looking for a native, software–based AWS service to accomplish this goal.

What should a solutions architect recommend as a solution?

A. Use AWS Secrets Manager with customer master keys (CMKs) to store master key material and apply a routine to create a new CMK periodically and replace it in AWS Secrets Manager.

All Question 600/790



What should a solution architect do to connect issue?

A. Create security group rules using the instance ID as the source destination.

All Question 601/790


A company hosts its application using Amazon Elastic Container Service (Amazon ECS) and wants to ensure high availability. The company wants to be able to deploy updates to its application even if nodes in one Availability Zone are not accessible.

The expected request volume for the application is 100 requests per second, and each container task is able to serve at least 60 requests per second. The company set up Amazon ECS with a rolling update deployment type with the minimum healthy percent parameter set to 50% and the maximum percent set to 100%.

Which configuration of tasks and Availability Zones meets these requirements?

A. Deploy the application across two Availability Zones, with one task in each Availability Zone.

All Question 602/790


A mobile gaming company runs application servers on Amazon EC2 instances. The servers receive updates from players every 15 minutes. The mobile game creates a JSON object of the progress made in the game since the last update, and sends the JSON object to an Application Load Balancer. As the mobile game is played, game updates are being lost. The company wants to create a durable way to get the updates in order.

What should a solutions architect recommend to decouple the system?

C. Use Amazon Simple Queue Service (Amazon SQS) FIFO queues to capture the data and EC2 instances to process the messages in the queue.

All Question 603/790


A company is moving its on–premises applications to Amazon EC2 instances. However, as a result of fluctuating compute requirements, the EC2 instances must always be ready to use between 8 AM and 5 PM in specific Availability Zones.

Which EC2 instances should the company choose to run the applications?

A. Scheduled Reserved Instances

All Question 604/790


A company has an application that generates a large number of files, each approximately 5 MB in size. The files are stored in Amazon S3. Company policy requires the files to be stored for 4 years before they can be deleted. Immediate accessibility is always required as the files contain critical business data that is not easy to reproduce. The files are frequently accessed in the first 30 days of the object creation but are rarely accessed after the first 30 days.

Which storage solution is MOST cost effective?

C. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation. Delete the files 4 years after the object creation.

All Question 605/790


In Amazon EC2 Container Service, are other container types supported?

C. No, Docker is the only container platform supported by EC2 Container Service presently.
In Amazon EC2 Container Service, Docker is the only container platform supported by EC2 Container Service presently.

References: Amazon Elastic Container Service FAQs

All Question 606/790


A solutions architect is developing a multiple–subnet VPC architecture. The solution will consist of six subnets in two Availability Zones. The subnets are defined as public, private and dedicated for databases.

Only the Amazon EC2 instances running in the private subnets should be able to access a database.

Which solution meets these requirements?

C. Create a security group that allows ingress from the security group used by instances in the private subnets. Attach the security group to an Amazon RDS DB instance.

All Question 607/790


You need to migrate a large amount of data into the cloud that you have stored on a hard disk and you decide that the best way to accomplish this is with AWS Import/Export and you mail the hard disk to AWS.

Which of the following statements is incorrect in regards to AWS Import/Export?

C. It can export from Amazon Glacier.
AWS Import/Export supports: import to Amazon S3, export from Amazon S3, import to Amazon EBS, and import to Amazon Glacier. AWS Import/Export does not currently support export from Amazon EBS or Amazon Glacier.

References: AWS Snowball

All Question 608/790


A company is designing a message–driven order processing application on AWS.

The application consists of many services and needs to communicate the results of its processing to multiple consuming services.

Each of the consuming services may take up to 5 days to receive the messages.

Which process will meet these requirements?

C. The application sends the results of its processing to an Amazon Simple Queue Service (Amazon SQS) queue. Each consuming service runs as an AWS Lambda function that consumes this single SQS queue.

All Question 609/790


A company owns an asynchronous API that is used to ingest user requests and, based on the request type, dispatch requests to the appropriate microservice for processing. The company is using Amazon API Gateway to deploy the API front end, and an AWS Lambda function that invokes Amazon DynamoDB to store user requests before dispatching them to the processing microservices.

The company provisioned as much DynamoDB throughput as its budget allows, but the company is still experiencing availability issues and is losing user requests.

What should a solutions architect do to address this issue without impacting existing users?

B. Use DynamoDB Accelerator (DAX) and Lambda to buffer writes to DynamoDB.

All Question 610/790


A solutions architect is optimizing a website for an upcoming musical event. Videos of the performances will be streamed in real-time and then will be available on demand. The event is expected to attract a global online audience.

Which service will improve the performance of both real–time and on–demand streaming?

A. Amazon CloudFront
Amazon CloudFront can be used to stream video to users across the globe using a wide variety of protocols that are layered on top of HTTP. This can include both on-demand video as well as real-time streaming video.

CORRECT: "Amazon CloudFront" is the correct answer.

INCORRECT: "AWS Global Accelerator" is incorrect as this would be an expensive way of getting the content closer to users compared to using CloudFront. As this is a use case for CloudFront and there are so many edge locations it is the better option.

INCORRECT: "Amazon Route 53" is incorrect as you still need a solution for getting the content closer to users.

INCORRECT: "Amazon S3 Transfer Acceleration" is incorrect as this is used to accelerate uploads of data to Amazon S3 buckets.

References:
Amazon CloudFront media streaming tutorials
Amazon CloudFront > Developer Guide > Video on Demand and Live Streaming Video with CloudFront

All Question 611/790


A company purchased Amazon EC2 Partial Upfront Reserved Instances for a 1–year term. A solutions architect wants to analyze how much the daily effective cost is with all possible discounts.

Which view must the solutions architect choose in the advanced options of Cost Explorer to get the correct values?

C. Show amortized costs

All Question 612/790


A company has an Amazon EC2 instance running on a private subnet that needs to access a public website to download patches and updates.

The company does not want external websites to see the EC2 instance IP address or initiate connections to it.

How can a solutions architect achieve this objective?

B. Create a NAT gateway in a public subnet. Route outbound traffic from the private subnet through the NAT gateway.

All Question 613/790


A company captures clickstream data from multiple websites and analyzes it using batch processing. The data is loaded nightly into Amazon Redshift and is consumed by business analysts. The company wants to move towards near–real–time data processing for timely insights. The solution should process the streaming data with minimal effort and operational overhead.

Which combination of AWS services are MOST cost–effective for this solution? (Choose two.)

A. Amazon EC2
D. Amazon Kinesis Data Firehose
Kinesis Data Streams and Kinesis Client Library (KCL) – Data from the data source can be continuously captured and streamed in near real-time using Kinesis Data Streams. With the Kinesis Client Library (KCL), you can build your own application that can preprocess the streaming data as they arrive and emit the data for generating incremental views and downstream analysis.

Kinesis Data Analytics – This service provides the easiest way to process the data that is streaming through Kinesis Data Stream or Kinesis Data Firehose using SQL. This enables customers to gain actionable insight in near real-time from the incremental stream before storing it in Amazon S3.

Lambda architecture building blocks on AWS

References: Evolve from batch to real-time analytics

All Question 614/790


A meteorological startup company has a custom web application to sell weather data to its users online.

The company uses Amazon DynamoDB to store its data and wants to build a new service that sends an alert to the managers of four internal teams every time a new weather event is recorded. The company does not want this new service to affect the performance of the current application.

What should a solutions architect do to meet these requirements with the LEAST amount of operational overhead?

A. Use DynamoDB transactions to write new event data to the table. Configure the transactions to notify internal teams.

All Question 615/790


A company has thousands of files stored in an Amazon S3 bucket that has a well–defined access pattern. The files are accessed by an application multiple times a day for the first 30 days. Files are rarely accessed within the next 90 days. After that, the files are never accessed again. During the first 120 days, accessing these files should never take more than a few seconds.

Which lifecycle policy should be used for the S3 objects to minimize costs based on the access pattern?

B. Use Amazon S3 Standard storage for the first 30 days. Then move the files to Amazon S3 Standard- Infrequent Access (S3 Standard-IA) for the next 90 days. Allow the data to expire after that.
The question states that the data must be accessible within a few seconds during the 120 days.

All Question 616/790


A company runs a production application on a fleet of Amazon EC2 instances. The application reads the data from an Amazon SQS queue and processes the messages in parallel. The message volume is unpredictable and often has intermittent traffic. This application should continually process messages without any downtime.

Which solution meets these requirements MOST cost–effectively?

C. Use Reserved Instances for the baseline capacity and use Spot Instances to handle additional capacity.

All Question 617/790


A company is hosting its website by using Amazon EC2 instances behind an Elastic Load Balancer across multiple Availability Zones.

The instances run in an EC2 Auto Scaling group.

The website uses Amazon Elastic Block Store (Amazon EBS) volumes to store product manuals for users to download.

The company updates the product content often, so new instances launched by the Auto Scaling group often have old data.

It can take up to 30 minutes for the new instances to receive all the updates.

The updates also require the EBS volumes to be resized during business hours.

The company wants to ensure that the product manuals are always up to date on all instances and that the architecture adjusts quickly to increased user demand.

A solutions architect needs to meet these requirements without causing the company to update its application code or adjust its website.

What should the solution architect do to accomplish this goal?

D. Store the product manual in an Amazon S3 Standard-Infrequent Access (S3 Standard-IA) bucket. Redirect the downloads to this bucket.

All Question 618/790


A solutions architect needs to design a managed storage solution for a company's application that includes high–performance machine learning. This application runs on AWS Fargate, and the connected storage needs to have concurrent access to files and deliver high performance.

Which storage option should the solutions architect recommend?

B. Create an Amazon FSx for Lustre file share and establish an IAM role that allows Fargate to communicate with FSx for Lustre.
Keyword: Concurrent access to files + deliver high performance.

Amazon FSx: A high-performance file system optimized for fast processing of workloads. Lustre is a popular open-source parallel file system. It also supports concurrent access to the same file or directory from thousands of compute instances.

Amazon IAM with FSx: Amazon FSx is integrated with AWS Identity and Access Management (IAM). This integration means that you can control the actions your AWS IAM users and groups can take to manage your file systems (such as creating and deleting file systems). You can also tag your Amazon FSx resources and control the actions that your IAM users and groups can take based on those.

Fargate launch type: So, answers C and D are ruled out as per Neal David. Fargate automatically provisions resources. Fargate provisions and manages compute. Charged for running tasks. No EFS and EBS integration. Fargate handles cluster optimization. Limited control; infrastructure is automated.

References: Amazon Elastic File System

All Question 619/790


A company runs a web–based portal that provides users with global breaking news, local alerts, and weather updates.

The portal delivers each user a personalized view by using a mixture of static and dynamic content.

Content is served over HTTPS through an API server running on an Amazon EC2 instance behind an Application Load Balancer (ALB).

The company wants the portal to provide this content to its users across the world as quickly as possible.

How should a solutions architect design the application to ensure the LEAST amount of latency for all users?

B. Deploy the application stack in two AWS Regions. Use an Amazon Route 53 latency routing policy to serve all content from the ALB in the closest Region.

All Question 620/790


A company uses Amazon RDS for PostgreSQL databases for its data tier. The company must implement password rotation for the databases.

Which solution meets this requirement with the LEAST operational overhead?

A. Store the password in AWS Secrets Manager. Enable automatic rotation on the secret.

All Question 621/790


A company is designing a new application that runs in a VPC on Amazon EC2 instances. The application stores data in Amazon S3 and uses Amazon DynamoDB as its database. For compliance reasons, the company prohibits all traffic between the EC2 instances and other AWS services from passing over the public internet.

What can a solutions architect do to meet this requirement?

C. Configure a gateway VPC endpoint to Amazon S3. Configure an interface VPC endpoint to DynamoDB.

All Question 622/790


A solutions architect is working on optimizing a legacy document management application running on Microsoft Windows Server in an on–premises data center. The application stores a large number of files on a network file share. The chief information officer wants to reduce the on–premises data center footprint and minimize storage costs by moving on–premises storage to AWS.

What should the solutions architect do to meet these requirements?

A. Set up an AWS Storage Gateway file gateway.

All Question 623/790


A company hosts its web application on AWS using seven Amazon EC2 instances.

The company requires that the IP addresses of all healthy EC2 instances be returned in response to DNS queries.

Which policy should be used to meet this requirement?

C. Multivalue routing policy

All Question 624/790


A solutions architect is designing a solution where users will be directed to a backup static error page if the primary website is unavailable. The primary website's DNS records are hosted in Amazon Route 53 where their domain is pointing to an Application Load Balancer (ALB).

Which configuration should the solutions architect use to meet the company's needs while minimizing changes and infrastructure overhead?

B. Set up a Route 53 active-passive failover configuration. Direct traffic to a static error page hosted within an Amazon S3 bucket when Route 53 health checks determine that the ALB endpoint is unhealthy.
Active-passive failover

Use an active-passive failover configuration when you want a primary resource or group of resources to be available the majority of the time and you want a secondary resource or group of resources to be on standby in case all the primary resources become unavailable. When responding to queries, Route 53 includes only the healthy primary resources. If all the primary resources are unhealthy, Route 53 begins to include only the healthy secondary resources in response to DNS queries.

To create an active-passive failover configuration with one primary record and one secondary record, you just create the records and specify Failover for the routing policy. When the primary resource is healthy, Route 53 responds to DNS queries using the primary record. When the primary resource is unhealthy, Route 53 responds to DNS queries using the secondary record.

How Amazon Route 53 averts cascading failures

As the first defense against cascading failures, each request routing algorithm (such as weighted and failover) has a mode of last resort. In this special mode, when all records are considered unhealthy, the Route 53 algorithm reverts to considering all records healthy. For example, if all instances of an application, on several hosts, are rejecting health check requests, Route 53 DNS servers will choose an answer anyway and return it rather than returning no DNS answer or returning an NXDOMAIN (non-existent domain) response. An application can respond to users but still fail health checks, so this provides some protection against misconfiguration.

Similarly, if an application is overloaded, and one out of three endpoints fails its health checks, so that it's excluded from Route 53 DNS responses, Route 53 distributes responses between the two remaining endpoints. If the remaining endpoints are unable to handle the additional load and they fail, Route 53 reverts to distributing requests to all three endpoints.

Using Amazon CloudFront as the front-end provides the option to specify a custom message instead of the default message. To specify the specific file that you want to return and the errors for which the file should be returned, you update your CloudFront distribution to specify those values. For example, the following is a customized error message:

The CloudFront distribution can use the ALB as the origin, which will cause the website content to be cached on the CloudFront edge caches. This solution represents the most operationally efficient choice as no action is required in the event of an issue, other than troubleshooting the root cause.

References: Amazon CloudFront > Developer Guide > What is Amazon CloudFront?

All Question 625/790


A company needs to use its on–premises LDAP directory service to authenticate its users to the AWS Management Console.

The directory service is not compatible with Security Assertion Markup Language (SAML).

Which solution meets these requirements?

A. Enable AWS Single Sign-On between AWS and the on-premises LDAP

All Question 626/790


A company is hosting its static website in an Amazon S3 bucket, which is the origin for Amazon CloudFront.

The company has users in the United States, Canada, and Europe and wants to reduce costs.

What should a solutions architect recommend?

C. Modify the CloudFront price class to include only the locations of the countries that are served.

All Question 627/790


You have set up an Auto Scaling group. The cool down period for the Auto Scaling group is 7 minutes. The first instance is launched after 3 minutes, while the second instance is launched after 4 minutes. How many minutes after the first instance is launched will Auto Scaling accept another scaling activity request?

A. 11 minutes
If an Auto Scaling group is launching more than one instance, the cool down period for each instance starts after that instance is launched. The group remains locked until the last instance that was launched has completed its cool down period. In this case the cool down period for the first instance starts after 3 minutes and finishes at the 10th minute (3+7 cool down), while for the second instance it starts at the 4th minute and finishes at the 11th minute (4+7 cool down). Thus, the Auto Scaling group will receive another request only after 11 minutes.

References: Amazon EC2 Auto Scaling > User Guide > What is Amazon EC2 Auto Scaling?

All Question 628/790


A company has a large dataset for its online advertising business stored in an Amazon RDS for MySQL DB instance in a single Availability Zone. The company wants business reporting queries to run without impacting the write operations to the production DB instance.

Which solution meets these requirements?

A. Deploy RDS read replicas to process the business reporting queries.

All Question 629/790


A company has an image processing workload running on Amazon Elastic Container Service (Amazon ECS) in two private subnets. Each private subnet uses a NAT instance for internet access. All images are stored in Amazon S3 buckets. The company is concerned about the data transfer costs between Amazon ECS and Amazon S3.

What should a solutions architect do to reduce costs?

C. Configure an interface endpoint for traffic destined to Amazon S3.
S3 and DynamoDB do not support interface endpoints. Both S3 and DynamoDB are routed via gateway endpoints. Interface endpoints only support services that are integrated with PrivateLink.

References:
Amazon Virtual Private Cloud > AWS PrivateLink > VPC endpoints
Amazon Virtual Private Cloud > AWS PrivateLink > AWS services that integrate with AWS PrivateLink

All Question 630/790


An application running on AWS generates audit logs of operational activities. Compliance requirements mandate that the application retain the logs for 5 years.

How can these requirements be met?

A. Save the logs in an Amazon S3 bucket and enable MFA Delete on the bucket.

All Question 631/790


An environment has an Auto Scaling group across two Availability Zones referred to as AZ-a and AZ-b. AZ-a has four EC2 instances, and AZ-b has three EC2 instances.

The Auto Scaling group uses the default termination policy. None of the instances are protected from a scale-in event.

How will Auto Scaling proceed if there is a scale-in event?

C. Auto Scaling selects the Availability Zone with four EC2 instances, and then continues to evaluate.

All Question 632/790


A company is deploying an application that processes large quantities of data in parallel. The company plans to use Amazon EC2 instances for the workload.

The network architecture must be configurable to provide the lowest possible latency between nodes.

Which combination of network solutions will meet these requirements? (Select TWO)

C. Place the EC2 instances in a single Availability Zone
E. Run the EC2 instances in a cluster placement group

All Question 633/790


A solutions architect is designing an architecture for a new application that requires low network latency and high network throughput between Amazon EC2 instances.

Which component should be included in the architectural design?

B. A placement group using a cluster placement strategy.

All Question 634/790


What should a solutions architect do to optimize utilization MOST cost–effectively?

D. Convert the original Aurora database to Aurora Serverless.

All Question 635/790


A company has 150 TB of archived image data stored on–premises that needs to be moved to the AWS Cloud within the next month. The company's current network connection allows up to 100 Mbps uploads for this purpose during the night only.

What is the MOST cost–effective mechanism to move this data and meet the migration deadline?

B. Order multiple AWS Snowball devices to ship the data to AWS.

All Question 637/790


A media streaming company collects real–time data and stores it in a disk–optimized database system. The company is not getting the expected throughput and wants an in–memory database storage solution that performs faster and provides high availability using data replication.

Which database should a solutions architect recommend?

C. Amazon ElastiCache for Redis
In-memory databases on AWS: Amazon ElastiCache for Redis.

Amazon ElastiCache for Redis is a blazing fast in-memory data store that provides submillisecond latency to power internet-scale, real-time applications. Developers can use ElastiCache for Redis as an in-memory nonrelational database. The ElastiCache for Redis cluster configuration supports up to 15 shards and enables customers to run Redis workloads with up to 6.1 TB of in-memory capacity in a single cluster. ElastiCache for Redis also provides the ability to add and remove shards from a running cluster. You can dynamically scale out and even scale in your Redis cluster workloads to adapt to changes in demand.

Amazon ElastiCache is an in-memory database. With ElastiCache Memcached there is no data replication or high availability; each node is a separate partition of data. Therefore, the Redis engine must be used, which does support both data replication and clustering.

CORRECT: "Amazon ElastiCache for Redis" is the correct answer.
INCORRECT: "Amazon ElastiCache for Memcached" is incorrect as Memcached does not support data replication or high availability.
INCORRECT: "Amazon RDS for MySQL" is incorrect as this is not an in-memory database.
INCORRECT: "Amazon RDS for PostgreSQL" is incorrect as this is not an in-memory database.

References: Amazon ElastiCache for Redis

All Question 638/790


A company has a live chat application running on its on–premises servers that use WebSockets. The company wants to migrate the application to AWS. Application traffic is inconsistent, and the company expects there to be more traffic with sharp spikes in the future.

The company wants a highly scalable solution with no server maintenance nor advanced capacity planning.

Which solution meets these requirements?

B. Use Amazon API Gateway and AWS Lambda with an Amazon DynamoDB table as the data store. Configure the DynamoDB table for on-demand capacity.

All Question 639/790


The following IAM policy is attached to an IAM group.
This is the only policy applied to the group.

What are the effective IAM permissions of this policy for group members?

D. Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action within the us-east-1 Region.

All Question 640/790



What should a solutions architect do to correct this issue?

B. Create security group rules using the security group ID as the source or destination.

All Question 641/790


A solutions architect is creating a new Amazon CloudFront distribution for an application. Some of the information submitted by users is sensitive. The application uses HTTPS but needs another layer of security. The sensitive information should be protected throughout the entire application stack, and access to the information should be restricted to certain applications.

Which action should the solutions architect take?

C. Configure a CloudFront field-level encryption profile

All Question 642/790


A company hosts its website on AWS. To address the highly variable demand, the company has implemented Amazon EC2 Auto Scaling.

Management is concerned that the company is over–provisioning its infrastructure, especially at the front end of the three–tier application. A solutions architect needs to ensure costs are optimized without impacting performance.

What should the solutions architect do to accomplish this?

D. Use Auto Scaling with a target tracking scaling policy. References: Amazon EC2 Auto Scaling > User Guide > Target tracking scaling policies for Amazon EC2 Auto Scaling

All Question 643/790


In DynamoDB, could you use IAM to grant access to Amazon DynamoDB resources and API actions?

D. Yes
Amazon DynamoDB integrates with AWS Identity and Access Management (IAM). You can use AWS IAM to grant access to Amazon DynamoDB resources and API actions. To do this, you first write an AWS IAM policy, which is a document that explicitly lists the permissions you want to grant. You then attach that policy to an AWS IAM user or role. References: Amazon DynamoDB > Developer Guide > Identity and Access Management in Amazon DynamoDB

All Question 644/790



The company launches new products twice a month. This increases website traffic by approximately 400% for a minimum of 72 hours. During product launches, users experience slow response times and frequent timeout errors in their browsers.

What should a solutions architect do to mitigate the slow response times and timeout errors while minimizing operational overhead?

A. Increase the instance size of the web server.

All Question 645/790


A company receives data from different sources and implements multiple applications to consume this data. There are many short–running jobs that run only on the weekend.

The data arrives in batches rather than throughout the entire weekend.

The company needs an environment on AWS to ingest and process this data while maintaining the order of the transactions.

Which combination of AWS services meets these requirements in the MOST cost–effective manner?

A. Amazon Kinesis Data Streams with AWS Lambda

All Question 646/790


A company is planning to transfer multiple terabytes of data to AWS. The data is collected offline from ships. The company wants to run complex transformations before transferring the data.

Which AWS service should a solutions architect recommend for this migration?

D. AWS Snowball Edge Compute Optimized

All Question 647/790


A company's facility has badge readers at every entrance throughout the building. When badges are scanned, the readers send a message over HTTPS to indicate who attempted to access that particular entrance.

A solutions architect must design a system to process these messages from the sensors. The solution must be highly available, and the results must be made available for the company's security team to analyze.

Which system architecture should the solutions architect recommend?

B. Create an HTTPS endpoint in Amazon API Gateway. Configure the API Gateway endpoint to invoke an AWS Lambda function to process the messages and save the results to an Amazon DynamoDB table.

All Question 648/790


A company's application is running on Amazon EC2 instances in a single Region. In the event of a disaster, a solutions architect needs to ensure that the resources can also be deployed to a second Region.

Which combination of actions should the solutions architect take to accomplish this? (Choose two.)

B. Launch a new EC2 instance from an Amazon Machine Image (AMI) in a new Region.
D. Copy an Amazon Machine Image (AMI) of an EC2 instance and specify a different Region for the destination.
Cross Region EC2 AMI Copy

We know that you want to build applications that span AWS Regions and we're working to provide you with the services and features needed to do so. We started out by launching the EBS Snapshot Copy feature late last year. This feature gave you the ability to copy a snapshot from Region to Region with just a couple of clicks. In addition, last month we made a significant reduction (26% to 83%) in the cost of transferring data between AWS Regions, making it less expensive to operate in more than one AWS region.

Today we are introducing a new feature: Amazon Machine Image (AMI) Copy. AMI Copy enables you to easily copy your Amazon Machine Images between AWS Regions. AMI Copy helps enable several key scenarios including:

- Simple and Consistent Multi-Region Deployment – You can copy an AMI from one region to another, enabling you to easily launch consistent instances based on the same AMI into different regions.
- Scalability – You can more easily design and build world-scale applications that meet the needs of your users, regardless of their location.
- Performance – You can increase performance by distributing your application and locating critical components of your application in closer proximity to your users. You can also take advantage of region specific features such as instance types or other AWS services.
- Even Higher Availability – You can design and deploy applications across AWS regions, to increase availability.

Once the new AMI is in an Available state the copy is complete.

All Question 649/790


You've created your first load balancer and have registered your EC2 instances with the load balancer. Elastic Load Balancing routinely performs health checks on all the registered EC2 instances and automatically distributes all incoming requests to the DNS name of your load balancer across your registered, healthy EC2 instances. By default, the load balancer uses the ___ protocol for checking the health of your instances.

B. HTTP
In Elastic Load Balancing a health configuration uses information such as protocol, ping port, ping path (URL), response timeout period, and health check interval to determine the health state of the instances registered with the load balancer. Currently, HTTP on port 80 is the default health check. References: Elastic Load Balancing > User Guide > How Elastic Load Balancing works

All Question 650/790


A company sells ringtones created from clips of popular songs. The files containing the ringtones are stored in Amazon S3 Standard and are at least 123 KB in size.

The company has millions of files but downloads are infrequent for ringtones older than 90 days. The company needs to save money on storage while keeping the most accessed files readily available for its users.

Which action should the company take to meet these requirements MOST cost–effectively?

A. Configure S3 Standard-Infrequent Access (S3 Standard-IA) storage for the initial storage tier of the objects.

All Question 651/790


A company is planning to build a new web application on AWS. The company expects predictable traffic most of the year and very high traffic on occasion. The web application needs to be highly available and fault tolerant with minimal latency.

What should a solutions architect recommend to meet these requirements?

B. Use Amazon EC2 instances in an Auto Scaling group with an Application Load Balancer across multiple Availability Zones.

All Question 652/790


A company's legacy application is currently relying on a single–instance Amazon RDS MySQL database without encryption. Due to new compliance requirements, all existing and new data in this database must be encrypted.

How should this be accomplished?

C. Take a snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted snapshot.
How do I encrypt Amazon RDS snapshots?

The following steps are applicable to Amazon RDS for MySQL, Oracle, SQL Server, PostgreSQL, or MariaDB.

Important: If you use Amazon Aurora, you can restore an unencrypted Aurora DB cluster snapshot to an encrypted Aurora DB cluster if you specify an AWS Key Management Service (AWS KMS) encryption key when you restore from the unencrypted DB cluster snapshot. For more information, see Limitations of Amazon RDS Encrypted DB Instances.

1. Open the Amazon RDS console, and then choose Snapshots from the navigation pane.
2. Select the snapshot that you want to encrypt.
3. Under Snapshot Actions, choose Copy Snapshot.
4. Choose your Destination Region, and then enter your New DB Snapshot Identifier.
5. Change Enable Encryption to Yes.
6. Select your Master Key from the list, and then choose Copy Snapshot.

After the snapshot status is available, the Encrypted field will be True to indicate that the snapshot is encrypted. You now have an encrypted snapshot of your DB. You can use this encrypted DB snapshot to restore the DB instance from the DB snapshot.

All Question 653/790


A company is using Amazon DynamoDB to stage its product catalog which is 1 GB.

Since a product entry on average consists of 100 KB of data, and the average traffic is about 250 requests per second, the database administrator has provisioned 3,000 RCUs of read capacity throughput.

However, some products are very popular and users are experiencing delays or timeouts due to throttling.

What improvement offers a long–term solution to this problem?

B. Use Amazon DynamoDB Accelerator to maintain the frequently read items

All Question 654/790


A company recently launched a new service that involves medical images. The company scans the images and sends them from its on–premises data center through an AWS Direct Connect connection to Amazon EC2 instances. After processing is complete, the images are stored in an Amazon S3 bucket.

A company requirement states that the EC2 instances cannot be accessible through the internet. The EC2 instances run in a private subnet, which has a default route back to the on–premises data center for outbound internet access.

Usage of the new service is increasing rapidly. A solutions architect must recommend a solution that meets the company's requirements and reduces the Direct Connect charges.

Which solution accomplishes these goals MOST cost–effectively?

B. Configure a NAT gateway in a public subnet. Configure the private subnet's route table to use the NAT gateway.

All Question 655/790


A company has an application that scans millions of connected devices for security threats and pushes the scan logs to an Amazon S3 bucket.

A total of 70 GB of data is generated each week, and the company needs to store 3 years of data for historical reporting.

The company must process, aggregate, and enrich the data from Amazon S3 by performing complex analytical queries and joins in the least amount of time.

The aggregated dataset is visualized on an Amazon QuickSight dashboard. What should a solutions architect recommend to meet these requirements?

A. Create and run an ETL job in AWS Glue to process the data from Amazon S3 and load it into Amazon Redshift. Perform the aggregation queries on Amazon Redshift.

All Question 656/790


A company needs a storage solution for an application that runs on a high performance computing (HPC) cluster. The cluster is hosted on AWS Fargate for Amazon Elastic Container Service (Amazon ECS). The company needs a mountable file system that provides concurrent access to files while delivering hundreds of Gbps of throughput at sub–millisecond latencies.

Which solution meets these requirements?

A. Create an Amazon FSx for Lustre file share for the application data. Create an IAM role that allows Fargate to access the FSx for Lustre file share.

All Question 657/790


A Solutions Architect must design a web application that will be hosted on AWS, allowing users to purchase access to premium, shared content that is stored in an S3 bucket. Upon payment, content will be available for download for 14 days before the user is denied access.

Which of the following would be the LEAST complicated implementation?

C. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL.

All Question 658/790


After you recommend Amazon Redshift to a client as an alternative solution to paying data warehouses to analyze his data, your client asks you to explain why you are recommending Redshift.

Which of the following would be a reasonable response to his request?

D. All answers listed are a reasonable response to his question
Amazon Redshift delivers fast query performance by using columnar storage technology to improve I/O efficiency and parallelizing queries across multiple nodes. Redshift uses standard PostgreSQL JDBC and ODBC drivers, allowing you to use a wide range of familiar SQL clients. Data load speed scales linearly with cluster size, with integrations to Amazon S3, Amazon DynamoDB, Amazon Elastic MapReduce, Amazon Kinesis or any SSH-enabled host.

AWS recommends Amazon Redshift for customers who have a combination of needs, such as:

- High performance at scale as data and query complexity grows
- Desire to prevent reporting and analytic processing from interfering with the performance of OLTP workloads
- Large volumes of structured data to persist and query using standard SQL and existing BI tools
- Desire to the administrative burden of running one's own data warehouse and dealing with setup, durability, monitoring, scaling and patching

References: AWS Cloud Databases

All Question 659/790


A company wants to improve the availability of an existing firewall.

To meet the compliance requirements of the applications hosted in the VPC.

The company's security team is using a proprietary firewall running on Amazon EC2 instances. All internet traffic flows through the primary firewall.

When the primary firewall goes down, the team manually changes the VPC route table so that it uses a secondary firewall running in a different Availability Zone.

Which strategies should a solutions architect use to improve the availability of the firewall? (Select TWO.)

D. Deploy a scheduled AWS Lambda function in the VPC to monitor the primary firewall and change the route table to use the secondary firewall in case of failure.
E. Monitor the firewall instance health in Amazon EventBridge (Amazon CloudWatch Events). Trigger an event rule to restart the primary firewall upon a detected failure.

All Question 660/790


A company is running an ASP.NET MVC application on a single Amazon EC2 instance. A recent increase in application traffic is causing slow response times for users during lunch hours. The company needs to resolve this concern with the least amount of configuration.

What should a solutions architect recommend to meet these requirements?

A. Move the application to AWS Elastic Beanstalk. Configure load-based auto scaling and time-based scaling to handle scaling during lunch hours.

All Question 661/790


A company receives 10 TB of instrumentation data each day from several machines located at a single factory. The data consists of JSON files stored on a storage area network (SAN) in an on–premises data center located within the factory. The company wants to send this data to Amazon S3 where it can be accessed by several additional systems that provide critical near–real–time analytics. A secure transfer is important because the data is considered sensitive.

Which solution offers the MOST reliable data transfer?

D. AWS Database Migration Service (AWS DMS) over AWS Direct Connect

All Question 662/790


An online gaming company is designing a game that is expected to be popular all over the world. A solutions architect needs to define an AWS Cloud architecture that supports near–real–time recording and displaying of current game statistics for each player, along with the names of the top 25 players in the world, at any given time.

Which AWS database solution and configuration should the solutions architect use to meet these requirements?

D. Use Amazon RDS for MySQL as the data store for player activity. Configure cross-region read replicas in each required AWS Region based on player proximity.

All Question 663/790


A company hosts multiple production applications.

One of the applications consists of resources from Amazon EC2, AWS Lambda, Amazon RDS, Amazon Simple Notification Service (Amazon SNS), and Amazon Simple Queue Service (Amazon SQS) across multiple AWS Regions.

All company resources are tagged with a tag name of "application" and a value that corresponds to each application.

A solutions architect must provide the quickest solution for identifying all of the tagged components.

Which solution meets these requirements?

D. Run a query with the AWS Resource Groups Tag Editor to report on the resources globally with the application tag

All Question 664/790


A user owns a MySQL database that is accessed by various clients who expect, at most, 100 ms latency on requests.
Once a record is stored in the database, it is rarely changed. Clients only access one record at a time.
Database access has been increasing exponentially due to increased client demand.
The resultant load will soon exceed the capacity of the most expensive hardware available for purchase.
The user wants to migrate to AWS, and is willing to change database systems.

Which service would alleviate the database load issue and offer virtually unlimited scalability for the future?


All Question 665/790


A solutions architect must design a solution that uses Amazon CloudFront with an Amazon S3 origin to store a static website. The company's security policy requires that all website traffic be inspected by AWS WAF.

How should the solutions architect comply with these requirements?

D. Configure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucket. Enable AWS WAF on the distribution.

All Question 666/790


A company is running an online transaction processing (OLTP) workload on AWS. This workload uses an unencrypted Amazon RDS DB instance in a Multi–AZ deployment. Daily database snapshots are taken from this instance.

What should a solutions architect do to ensure the database and snapshots are always encrypted moving forward?

A. Encrypt a copy of the latest DB snapshot. Replace existing DB instance by restoring the encrypted snapshot.

All Question 667/790


A company is planning to transfer multiple terabytes of data to AWS. The data is collected offline from ships. The company wants to run complex transformations before transferring the data.

Which AWS service should a solutions architect recommend for this migration?

D. AWS Snowball Edge Compute Optimized.

All Question 668/790


A company has a three–tier image–sharing application. It uses an Amazon EC2 instance for the front–end layer, another for the backend tier, and a third for the MySQL database. A solutions architect has been tasked with designing a solution that is highly available, and requires the least amount of changes to the application.

Which solution meets these requirements?

D. Use load-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end and backend layers. Move the database to an Amazon RDS instance with a Multi-AZ deployment. Use Amazon S3 to store and serve users' images.
Keyword: Highly available + Least amount of changes to the application

High Availability = Multi-AZ
Least amount of changes to the application = Elastic Beanstalk, which automatically handles the deployment, from capacity provisioning, load balancing, and auto scaling to application health monitoring.

Option D is the right choice; Options A, B and C are out of the race due to cost and interoperability.

HA with Elastic Beanstalk and RDS

AWS Elastic Beanstalk: AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time. There is no additional charge for Elastic Beanstalk – you pay only for the AWS resources needed to store and run your applications.

AWS RDS: Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. Amazon RDS is available on several database instance types – optimized for memory, performance or I/O – and provides you with six familiar database engines to choose from, including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server. You can use the AWS Database Migration Service to easily migrate or replicate your existing databases to Amazon RDS.

AWS S3: Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements. Amazon S3 is designed for 99.999999999% (11 9's) of durability, and stores data for millions of applications for companies all around the world.

References: AWS Elastic Beanstalk; Amazon Relational Database Service (RDS); Amazon S3

All Question 669/790


A company recently migrated a message processing system to AWS. The system receives messages into an ActiveMQ queue running on an Amazon EC2 instance. Messages are processed by a consumer application running on Amazon EC2. The consumer application processes the messages and writes results to a MySQL database running on Amazon EC2. The company wants this application to be highly available with low operational complexity.

Which architecture offers the HIGHEST availability?

D. Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an Auto Scaling group for the consumer EC2 instances across two Availability Zones. Use Amazon RDS for MySQL with Multi-AZ enabled.

All Question 670/790


A company needs to store data for 6 years. The company will need to have immediate and highly available access to the data at any point in time, but will not require frequent access.

What lifecycle action should be taken to meet these requirements while reducing costs?

A. Transition objects from Amazon S3 Standard to Amazon S3 Standard-Infrequent Access (S3 Standard-IA).

All Question 671/790


A company has deployed a multiplayer game for mobile devices. The game requires live location tracking of players based on latitude and longitude. The data store for the game must support rapid updates and retrieval of locations.

The game uses an Amazon RDS for PostgreSQL DB instance with read replicas to store the location data. During peak usage periods, the database is unable to maintain the performance that is needed for reading and writing updates. The game's user base is increasing rapidly.

What should a solutions architect do to improve the performance of the data tier?

D. Deploy an Amazon ElastiCache for Redis cluster in front of the existing DB instance. Modify the game to use Redis.

All Question 672/790


After reviewing the cost optimization checks in AWS Trusted Advisor, a team finds that it has 10,000 Amazon Elastic Block Store (Amazon EBS) snapshots in its account that are more than 30 days old.

The team determines that it needs to implement better governance for the lifecycle of its resources.

Which actions should the team take to automate the lifecycle management of the EBS snapshots with the LEAST effort? (Select TWO)

D. Use a scheduled event in Amazon EventBridge (Amazon CloudWatch Events) and invoke AWS Step Functions to manage the snapshots
E. Schedule and run backups in AWS Systems Manager.

All Question 673/790


A company is planning to deploy an Amazon RDS DB instance running Amazon Aurora. The company has a backup retention policy requirement of 90 days. Which solution should a solutions architect recommend?

B. Configure RDS to copy automated snapshots to a user-managed Amazon S3 bucket with a lifecycle policy set to delete after 90 days.

All Question 674/790


A solutions architect is designing a hybrid application using the AWS cloud. The network between the on–premises data center and AWS will use an AWS Direct Connect (DX) connection. The application connectivity between AWS and the on–premises data center must be highly resilient.

Which DX configuration should be implemented to meet these requirements?

B. Configure DX connections at multiple DX locations.

All Question 675/790


A company is relocating its data center and wants to securely transfer 50 TB of data to AWS within 2 weeks.

The existing data center has a Site–to–Site VPN connection to AWS that is 90% utilized.

Which AWS service should a solutions architect use to meet these requirements?

C. AWS Snowball Edge Storage Optimized

All Question 676/790


A solutions architect is designing a multi–region disaster recovery solution for an application that will provide public API access. The application will use Amazon EC2 instances with a user data script to load application code and an Amazon RDS for MySQL database. The Recovery Time Objective (RTO) is 3 hours and the Recovery Point Objective (RPO) is 24 hours.

Which architecture would meet these requirements at the LOWEST cost?

D. Use Amazon Route 53 for Region failover. Deploy new EC2 instances with the user data script for APIs, and create a snapshot of the RDS instance daily for a backup. Replicate the snapshot to a backup Region.

All Question 677/790


A company has a multi–tier application deployed on several Amazon EC2 instances in an Auto Scaling group. An Amazon RDS for Oracle instance is the application's data layer that uses Oracle–specific PL/SQL functions. Traffic to the application has been steadily increasing. This is causing the EC2 instances to become overloaded and the RDS instance to run out of storage. The Auto Scaling group does not have any scaling metrics and defines the minimum healthy instance count only. The company predicts that traffic will continue to increase at a steady but unpredictable rate before leveling off.

What should a solutions architect do to ensure the system can automatically scale for the increased traffic? (Choose two.)

A. Configure storage Auto Scaling on the RDS for Oracle instance.
C. Configure an alarm on the RDS for Oracle instance for low free storage space.

All Question 678/790


A company is developing a mobile game that streams score updates to a backend processor and then posts results on a leaderboard. A solutions architect needs to design a solution that can handle large traffic spikes, process the mobile game updates in order of receipt, and store the processed updates in a highly available database. The company also wants to minimize the management overhead required to maintain the solution.

What should the solutions architect do to meet these requirements?

A. Push score updates to Amazon Kinesis Data Streams. Process the updates in Kinesis Data Streams with AWS Lambda. Store the processed updates in Amazon DynamoDB.

All Question 679/790


A company is designing an internet–facing web application. The application runs on Amazon EC2 for Linux–based instances that store sensitive user data in Amazon RDS MySQL Multi–AZ DB instances.

The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web–based attacks.

What should a solutions architect recommend?

D. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Configure the Auto Scaling group to automatically create new DB instances under heavy traffic. Create a security group for the RDS DB instances. Configure the RDS security group to only allow port 3306 inbound.

All Question 680/790


A company hosts a training site on a fleet of Amazon EC2 instances. The company anticipates that its new course, which consists of dozens of training videos on the site, will be extremely popular when it is released in 1 week.

What should a solutions architect do to minimize the anticipated server load?

C. Store the videos in an Amazon S3 bucket. Create an Amazon CloudFront distribution with an origin access identity (OAI) of that S3 bucket. Restrict Amazon S3 access to the OAI.

All Question 681/790


A company's security team requests that network traffic be captured in VPC Flow Logs. The logs will be frequently accessed for 90 days and then accessed intermittently.

What should a solutions architect do to meet these requirements when configuring the logs?

D. Use Amazon S3 as the target. Enable an S3 Lifecycle policy to transition the logs to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days.

All Question 682/790



What should a solutions architect recommend for maximum performance?

D. Use AWS PrivateLink to create an interface VPC endpoint for Kinesis Data Firehose in the VP

All Question 683/790


A company plans to host a survey website on AWS. The company anticipates an unpredictable amount of traffic. This traffic results in asynchronous updates to the database. The company wants to ensure that writes to the database hosted on AWS do not get dropped.

How should the company write its application to handle these database requests?

A. Configure the application to publish to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the database to the SNS topic.

All Question 684/790


A public–facing web application queries a database hosted on an Amazon EC2 instance in a private subnet.

A large number of queries involve multiple table joins, and the application performance has been degrading due to an increase in complex queries. The application team will be performing updates to improve performance.

What should a solutions architect recommend to the application team? (Choose two.)

B. Create a read replica to offload queries
E. Migrate the database to Amazon RDS

All Question 685/790


A company is running a batch application on Amazon EC2 instances.

The application consists of a backend with multiple Amazon RDS databases. The application is causing a high number of reads on the databases.

A solutions architect must reduce the number of database reads while ensuring high availability.

What should the solutions architect do to meet this requirement?

A. Add Amazon RDS read replicas.

All Question 686/790


A company has a custom application running on an Amazon EC2 instance that:

- Reads a large amount of data from Amazon S3
- Performs a multi–stage analysis
- Writes the results to Amazon DynamoDB

The application writes a significant number of large, temporary files during the multi–stage analysis. The process performance depends on the temporary storage performance.

What would be the fastest storage option for holding the temporary files?

A. Multiple Amazon S3 buckets with Transfer Acceleration for storage.

All Question 687/790


A solutions architect must design a solution for a persistent database that is being migrated from on–premises to AWS. The database requires 64,000 IOPS according to the database administrator. If possible, the database administrator wants to use a single Amazon Elastic Block Store (Amazon EBS) volume to host the database instance.

Which solution effectively meets the database administrator's criteria?

B. Create a Nitro-based Amazon EC2 instance with an Amazon EBS Provisioned IOPS SSD (io1) volume attached. Configure the volume to have 64,000 IOPS.

All Question 688/790


A company wants to use an AWS Region as a disaster recovery location for its on–premises infrastructure. The company has 10 TB of existing data, and the on–premises data center has a 1 Gbps internet connection. A solutions architect must find a solution so the company can have its existing data on AWS in 72 hours without transmitting it using an unencrypted channel.

Which solution should the solutions architect select?

C. Establish a VPN connection between Amazon VPC and the company's data center.
Keyword: AWS Region as DR for On-premises DC (Existing Data=10TB) + 1G Internet Connection
Condition: 10TB on AWS in 72 Hours + Without Unencrypted Channel
Without Unencrypted Channel = VPN
FTP = Unencrypted Channel

- Options – A – Out of race, since this is unencrypted channel & not matching the condition
- Options – B – Out of race due to the timebound target & order /delivering AWS Snowball device will take time
- Options – C – Win the race, using the existing 1G Internet Link we can transfer this 10TB data within 24Hrs using encrypted Channel
- Options – D – Out of race due to the timebound target & order /delivering AWS Direct Connect will take time

All Question 689/790


A solutions architect is designing a solution that involves orchestrating a series of Amazon Elastic Container Service (Amazon ECS) task types running on Amazon EC2 instances that are part of an ECS cluster. The output and state data for all tasks needs to be stored. The amount of data output by each task is approximately 10 MB, and there could be hundreds of tasks running at a time. The system should be optimized for high–frequency reading and writing. As old outputs are archived and deleted, the storage size is not expected to exceed 1 TB.

Which storage solution should the solutions architect recommend?

C. An Amazon Elastic File System (Amazon EFS) file system with Bursting Throughput mode.

All Question 690/790


After you recommend Amazon Redshift to a client as an alternative solution to paying data warehouses to analyze his data, your client asks you to explain why you are recommending Redshift.

Which of the following would be a reasonable response to his request?

D. All answers listed are a reasonable response to his question
Amazon Redshift delivers fast query performance by using columnar storage technology to improve I/O efficiency and parallelizing queries across multiple nodes. Redshift uses standard PostgreSQL JDBC and ODBC drivers, allowing you to use a wide range of familiar SQL clients. Data load speed scales linearly with cluster size, with integrations to Amazon S3, Amazon DynamoDB, Amazon Elastic MapReduce, Amazon Kinesis or any SSH-enabled host.

AWS recommends Amazon Redshift for customers who have a combination of needs, such as:

- High performance at scale as data and query complexity grows
- Desire to prevent reporting and analytic processing from interfering with the performance of OLTP workloads
- Large volumes of structured data to persist and query using standard SQL and existing BI tools
- Desire to the administrative burden of running one's own data warehouse and dealing with setup, durability, monitoring, scaling and patching.

References: AWS Cloud Databases

All Question 691/790


A company recently released a new type of internet–connected sensor. The company is expecting to sell thousands of sensors, which are designed to stream high volumes of data each second to a central location. A solutions architect must design a solution that ingests and stores data so that engineering teams can analyze it in near–real–time with millisecond responsiveness.

Which solution should the solutions architect recommend?

D. Use Amazon Kinesis Data Streams to ingest the data. Consume the data with an AWS Lambda function, which then stores the data in Amazon DynamoDB.
References: AWS Big Data Blog > Analyze data in Amazon DynamoDB using Amazon SageMaker for real-time prediction

All Question 692/790


A company is designing a cloud communications platform that is driven by APIs.

The application is hosted on Amazon EC2 instances behind a Network Load Balancer (NLB).

The company uses Amazon API Gateway to provide external users with access to the application through APIs. The company wants to protect the platform against web exploits like SQL Injection and also wants to detect and mitigate large, sophisticated DDoS attacks.

Which combination of solutions provides the MOST protection? (Select TWO.)

A. Use AWS WAF to protect the NLB
D. Use Amazon GuardDuty with AWS Shield Standard

All Question 693/790


A company serves a multilingual website from a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). This architecture is currently running in the us–west–1 Region but is exhibiting high request latency for users located in other parts of the world.

The website needs to serve requests quickly and efficiently regardless of a user's location. However, the company does not want to recreate the existing architecture across multiple Regions.

How should a solutions architect accomplish this?

B. Configure an Amazon CloudFront distribution with the ALB as the origin. Set the cache behavior settings to only cache based on the Accept-Language request header.

All Question 694/790


A Solutions Architect is designing the architecture for a web application that will be hosted on AWS. Internet users will access the application using HTTP and HTTPS.

How should the Architect design the traffic control requirements?

C. Allow inbound ports for HTTP and HTTPS in the security group used by the web servers.

All Question 695/790


A solutions architect is moving the static content from a public website hosted on Amazon EC2 instances to an Amazon S3 bucket. An Amazon CloudFront distribution will be used to deliver the static assets. The security group used by the EC2 instances restricts access to a limited set of IP ranges. Access to the static content should be similarly restricted.

Which combination of steps will meet these requirements? (Choose two.)

A. Create an origin access identity (OAI) and associate it with the distribution. Change the permissions in the bucket policy so that only the OAI can read the objects.
B. Create an AWS WAF web ACL that includes the same IP restrictions that exist in the EC2 security group. Associate this new web ACL with the CloudFront distribution.

All Question 696/790


A company is building a cloud storage and sharing application for photos.

Users can upload photos from their computers and mobile phones to be stored durably in the cloud.

After photos are uploaded, most are shared and downloaded frequently for the first 40–90 days. The photos are generally accessed less often after 90 days but some photos maintain a high access rate.

The application initially stores photos in Amazon S3 Standard.

A solutions architect needs to reduce the application's operational costs without sacrificing user experience or data durability.

Which strategy should the solutions architect use to meet these requirements MOST cost–effectively?

A. Define an S3 Lifecycle rule to transition objects to S3 Intelligent-Tiering immediately

All Question 697/790


Can a user get a notification of each instance start / terminate configured with Auto Scaling?

C. Yes, if configured with the Auto Scaling group
The user can get notifications using SNS if he has configured the notifications while creating the Auto Scaling group.
References: Amazon EC2 Auto Scaling > User Guide > Getting started with Amazon EC2 Auto Scaling

All Question 698/790


A solutions architect must design a database solution for a high–traffic eCommerce web application.

The database stores customer profiles and shopping cart information.

The database must support a peak load of several million requests each second and deliver responses in milliseconds.

The operational overhead for managing and scaling the database must be minimized.

Which database solution should the solutions architect recommend?


All Question 699/790


A company has implemented one of its microservices on AWS Lambda that accesses an Amazon DynamoDB table named Books. A solutions architect is designing an IAM policy to be attached to the Lambda function's IAM role, giving it access to put, update, and delete items in the Books table.

The IAM policy must prevent the function from performing any other actions on the Books table or any other.

Which IAM policy would fulfill these needs and provide the LEAST privileged access?

A.

B.

C.

D.

All Question 700/790


A company runs an application on an Amazon EC2 instance backed by Amazon Elastic Block Store (Amazon EBS). The instance needs to be available for 12 hours daily. The company wants to save costs by making the instance unavailable outside the window required for the application. However, the contents of the instance's memory must be preserved whenever the instance is unavailable.

What should a solutions architect do to meet this requirement?

A. Stop the instance outside the application's availability window. Start up the instance again when required.

All Question 701/790


A company is migrating a three–tier application to AWS. The application requires a MySQL database. In the past, the application users reported poor application performance when creating new entries. These performance issues were caused by users generating different real–time reports from the application during working hours.

Which solution will improve the performance of the application when it is moved to AWS?

C. Create an Amazon Aurora MySQL Multi-AZ DB cluster with multiple read replicas. Configure the application to use the reader endpoint for reports.
Amazon RDS Read Replicas Now Support Multi-AZ Deployments

Starting today, Amazon RDS Read Replicas for MySQL and MariaDB now support Multi-AZ deployments. Combining Read Replicas with Multi-AZ enables you to build a resilient disaster recovery strategy and simplify your database engine upgrade process.

Amazon RDS Read Replicas enable you to create one or more read-only copies of your database instance within the same AWS Region or in a different AWS Region. Updates made to the source database are then asynchronously copied to your Read Replicas. In addition to providing scalability for read-heavy workloads, Read Replicas can be promoted to become a standalone database instance when needed.

Amazon RDS Multi-AZ deployments provide enhanced availability for database instances within a single AWS Region. With Multi-AZ, your data is synchronously replicated to a standby in a different Availability Zone (AZ). In the event of an infrastructure failure, Amazon RDS performs an automatic failover to the standby, minimizing disruption to your applications.

You can now use Read Replicas with Multi-AZ as part of a disaster recovery (DR) strategy for your production databases. A well-designed and tested DR plan is critical for maintaining business continuity after a disaster. A Read Replica in a different region than the source database can be used as a standby database and promoted to become the new production database in case of a regional disruption.

You can also combine Read Replicas with Multi-AZ for your database engine upgrade process. You can create a Read Replica of your production database instance and upgrade it to a new database engine version. When the upgrade is complete, you can stop applications, promote the Read Replica to a standalone database instance, and switch over your applications. Since the database instance is already a Multi-AZ deployment, no additional steps are needed.

Overview of Amazon RDS Read Replicas

Deploying one or more read replicas for a given source DB instance might make sense in a variety of scenarios, including the following:

- Scaling beyond the compute or I/O capacity of a single DB instance for read-heavy database workloads. You can direct this excess read traffic to one or more read replicas.
- Serving read traffic while the source DB instance is unavailable. In some cases, your source DB instance might not be able to take I/O requests, for example due to I/O suspension for backups or scheduled maintenance. In these cases, you can direct read traffic to your read replicas. For this use case, keep in mind that the data on the read replica might be "stale" because the source DB instance is unavailable.
- Business reporting or data warehousing scenarios where you might want business reporting queries to run against a read replica, rather than your primary, production DB instance.
- Implementing disaster recovery. You can promote a read replica to a standalone instance as a disaster recovery solution if the source DB instance fails.

The MySQL-compatible edition of Aurora delivers up to 5X the throughput of standard MySQL running on the same hardware, and enables existing MySQL applications and tools to run without requiring modification.

References: Amazon Aurora Features: MySQL-Compatible Edition

All Question 702/790


A company needs to run its external website on Amazon EC2 instances and on–premises virtualized servers.

The AWS environment has a 1 GB AWS Direct Connect connection to the data center. The application has IP addresses that will not change.

The on–premises and AWS servers are able to restart themselves while maintaining the same IP address if a failure occurs.

Some website users have to add their vendors to an allow list, so the solution must have a fixed IP address.

The company needs a solution with the lowest operational overhead to handle this split traffic. What should a solutions architect do to meet these requirements?

A. Deploy an Amazon Route 53 Resolver with rules pointing to the on-premises and AWS IP addresses

All Question 703/790


A company is designing a shared storage solution for a gaming application that is hosted in the AWS Cloud. The company needs the ability to use SMB clients to access data. The solution must be fully managed.

Which AWS solution meets these requirements?

C. Create an Amazon FSx for Windows File Server file system. Attach the file system to the origin server. Connect the application server to the file system.

All Question 704/790


A company is using an Amazon S3 bucket to store data uploaded by different departments from multiple locations.

During an AWS Well–Architected review, the financial manager notices that 10 TB of S3 Standard storage data has been charged each month.

However, in the AWS Management Console for Amazon S3, using the command to select all files and folders shows a total size of 5 TB.

What are the possible causes for this difference? (Select TWO.)

B. The S3 bucket has versioning enabled
C. There are incomplete S3 multipart uploads

All Question 705/790


An Amazon EC2 administrator created the following policy associated with an IAM group containing several users:

What is the effect of this policy?

C. Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.
What the policy means:

1. Allow termination of any instance if the user's source IP address is 10.100.100.254.
2. Deny termination of instances that are not in the us-east-1 Region.

Combining these two, you get: "Allow instance termination in the us-east-1 region if the user's source IP address is 10.100.100.254. Deny termination operation on other regions."

All Question 706/790


A company is migrating a Linux–based web server group to AWS. The web servers must access files in a shared file store for some content. To meet the migration date, minimal changes can be made.

What should a solutions architect do to meet these requirements?

C. Create an Amazon Elastic File System (Amazon EFS) volume and mount it on all web servers.

All Question 707/790


A company receives data from different sources and implements multiple applications to consume this data.

There are many short–running jobs that run only on the weekend. The data arrives in batches rather than throughout the entire weekend.

The company needs an environment on AWS to ingest and process this data while maintaining the order of the transactions.

Which combination of AWS services meets these requirements in the MOST cost–effective manner?

C. Amazon Simple Queue Service (Amazon SQS) with AWS Lambda

All Question 708/790


A solutions architect is designing a web application that will run on Amazon EC2 instances behind an Application Load Balancer (ALB). The company strictly requires that the application be resilient against malicious internet activity and attacks, and protect against new common vulnerabilities and exposures.

What should the solutions architect recommend?

B. Deploy an appropriate managed rule for AWS WAF and associate it with the ALB.
References: AWS WAF – Web Application Firewall; AWS Shield; AWS Shield Features

All Question 709/790


A company is looking for a solution that can store video archives in AWS from old news footage. The company needs to minimize costs and will rarely need to restore these files. When the files are needed, they must be available in a maximum of five minutes.

What is the MOST cost–effective solution?

A. Store the video archives in Amazon S3 Glacier and use Expedited retrievals.

All Question 710/790


A company is reviewing its AWS Cloud deployment to ensure its data is not accessed by anyone without appropriate authorization. A solutions architect is tasked with identifying all open Amazon S3 buckets and recording any S3 bucket configuration changes.

What should the solutions architect do to accomplish this?

A. Enable AWS Config service with the appropriate rules

All Question 711/790


A company receives structured and semi–structured data from various sources once every day. A solutions architect needs to design a solution that leverages big data processing frameworks. The data should be accessible using SQL queries and business intelligence tools.

What should the solutions architect recommend to build the MOST high–performing solution?

B. Use Amazon EMR to process data and Amazon Redshift to store data.

All Question 712/790


Much of your company's data does not need to be accessed often, and can take several hours for retrieval time, so it's stored on Amazon Glacier. However, someone within your organization has expressed concerns that his data is more sensitive than the other data, and is wondering whether the high level of encryption that he knows is on S3 is also used on the much cheaper Glacier service.

Which of the following statements would be most applicable in regards to this concern?

C. Amazon Glacier automatically encrypts the data using AES-256, the same as Amazon S3.
Like Amazon S3, the Amazon Glacier service provides low-cost, secure, and durable storage. But where S3 is designed for rapid retrieval, Glacier is meant to be used as an archival service for data that is not accessed often, and for which retrieval times of several hours are suitable. Amazon Glacier automatically encrypts the data using AES-256 and stores it durably in an immutable form. Amazon Glacier is designed to provide average annual durability of 99.999999999% for an archive. It stores each archive in multiple facilities and multiple devices. Unlike traditional systems which can require laborious data verification and manual repair, Glacier performs regular, systematic data integrity checks, and is built to be automatically self-healing.
References: Amazon Web Services: Overview of Security Processes

All Question 713/790


A company has an application running on Amazon EC2 On–Demand Instances. The application does not scale, and the instances run in one AWS Region. The company wants the flexibility to change the operating system from Windows to AWS Linux in the future. The company needs to reduce the cost of the instances without creating additional operational overhead or changes to the application.

What should the company purchase to meet these requirements MOST cost–effectively?

D. Convertible Reserved Instances for the instance type being used

All Question 714/790



What should a solutions architect recommend?

B. Deploy a load balancer in multiple Availability Zones with an Auto Scaling group for the web servers, and then deploy Amazon RDS in multiple Availability Zones.

All Question 715/790


A company is planning a large event where a promotional offer will be introduced. The company's website is hosted on AWS and backed by an Amazon RDS for PostgreSQL DB instance. The website explains the promotion and includes a sign–up page that collects user information and preferences. Management expects large and unpredictable volumes of traffic periodically, which will create many database writes.

A solutions architect needs to build a solution that does not change the underlying data model and ensures that submissions are not dropped before they are committed to the database.

Which solution meets these requirements?

B. Use Amazon SQS to decouple the application and database layers. Configure an AWS Lambda function to write items from the queue into the database.

All Question 716/790


An image hosting company uploads its large assets to Amazon S3 Standard buckets.

The company uses multipart upload in parallel by using S3 APIs and overwrites if the same object is uploaded again.

For the first 30 days after upload the objects will be accessed frequently.

The objects will be used less frequently after 30 days but the access patterns for each object will be inconsistent.

The company must optimize its S3 storage costs while maintaining high availability and resiliency of stored assets.

Which combination of actions should a solutions architect recommend to meet these requirements? (Select TWO.)

C. Configure an S3 Lifecycle policy to clean up expired object delete markers
D. Move assets to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days

All Question 717/790


A company fails an AWS security review conducted by a third party.

The review finds that some of the company's methods to access Amazon EMR go through the public internet.

Which combination of steps should the company take to MOST improve its security? (Select TWO.)

A. Set up a VPC peering connection to the Amazon EMR API.
D. Set up IAM roles to be used to connect to the Amazon EMR API.

All Question 718/790


A Solutions Architect must design a web application that will be hosted on AWS, allowing users to purchase access to premium, shared content that is stored in an S3 bucket. Upon payment, content will be available for download for 14 days before the user is denied access.

Which of the following would be the LEAST complicated implementation?

C. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL.

All Question 719/790


A company hosts a static website within an Amazon S3 bucket. A solutions architect needs to ensure that data can be recovered in case of accidental deletion.

Which action will accomplish this?

A. Enable Amazon S3 versioning.
Data can be recover if versioning enable, also it provide a extra protection like file delete, MFA delete. MFA. Delete only works for CLI or API interaction, not in the AWS Management Console. Also, you cannot make version DELETE actions with MFA using IAM user credentials. You must use your root AWS account. Object Versioning: Use Amazon S3 Versioning to keep multiple versions of an object in one bucket. For example, you could store my-image.jpg (version 111111) and my-image.jpg (version 222222) in a single bucket. S3 Versioning protects you from the consequences of unintended overwrites and deletions. You can also use it to archive objects so that you have access to previous versions. You must explicitly enable S3 Versioning on your bucket. By default, S3 Versioning is disabled. Regardless of whether you have enabled Versioning, each object in your bucket has a version ID. If you have not enabled Versioning, Amazon S3 sets the value of the version ID to null. If S3 Versioning is enabled, Amazon S3 assigns a version ID value for the object. This value distinguishes it from other versions of the same key. Object versioning is a means of keeping multiple variants of an object in the same Amazon S3 bucket. Versioning provides the ability to recover from both unintended user actions and application failures. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. CORRECT: "Enable Amazon S3 versioning" is the correct answer. INCORRECT: "Enable Amazon S3 Intelligent-Tiering" is incorrect. This is a storage class that automatically moves data between frequent access and infrequent access classes based on usage patterns. INCORRECT: "Enable an Amazon S3 lifecycle policy" is incorrect. An S3 lifecycle policy is a set of rules that define actions that apply to groups of S3 objects such as transitioning objects to another storage class. 
INCORRECT: "Enable Amazon S3 cross-Region replication" is incorrect as this is used to copy objects to different regions. CRR relies on versioning which is the feature that is required for protecting against accidental deletion. References: Protecting Amazon S3 Against Object Deletion

All Question 720/790


A solutions architect is designing a new workload in which an AWS Lambda function will access an Amazon DynamoDB table.

What is the MOST secure means of granting the Lambda function access to the DynamoDB table?

A. Create an IAM role with the necessary permissions to access the DynamoDB table. Assign the role to the Lambda function.

All Question 721/790


A company has an on–premises volume backup solution that has reached its end of life. The company wants to use AWS as part of a new backup solution and wants to maintain local access to all the data while it is backed up on AWS. The company wants to ensure that the data backed up on AWS is automatically and securely transferred.

Which solution meets these requirements?

D. Use AWS Storage Gateway and configure a stored volume gateway. Run the Storage Gateway software appliance on premises and map the gateway storage volumes to on-premises storage. Mount the gateway storage volumes to provide local access to the data. References: AWS Snowball Edge Developer Guide > Best Practices for the AWS Snowball Edge Device

All Question 722/790


A solutions architect is designing the cloud architecture for a new application being deployed to AWS. The application allows users to interactively download and upload files. Files older than 2 years will be accessed less frequently. The solutions architect needs to ensure that the application can scale to any number of files while maintaining high availability and durability.

Which scalable solutions should the solutions architect recommend? (Choose two.)

A. Store the files on Amazon S3 with a lifecycle policy that moves objects older than 2 years to S3 Glacier.
C. Store the files on Amazon Elastic File System (Amazon EFS) with a lifecycle policy that moves objects older than 2 years to EFS Infrequent Access (EFS IA).

All Question 723/790


A company has a legacy application that processes data in two parts. The second part of the process takes longer than the first, so the company has decided to rewrite the application as two microservices running on Amazon ECS that can scale independently.

How should a solutions architect integrate the microservices?

C. Implement code in microservice 1 to send data to Amazon Kinesis Data Firehose. Implement code in microservice 2 to read from Kinesis Data Firehose.
This is a good use case for Amazon SQS. The microservices must be decoupled so they can scale independently. An Amazon SQS queue will enable microservice 1 to add messages to the queue. Microservice 2 can then pick up the messages and process them. This ensures that if there's a spike in traffic on the frontend, messages do not get lost due to the backend process not being ready to process them.

CORRECT: "Implement code in microservice 1 to send data to an Amazon SQS queue. Implement code in microservice 2 to process messages from the queue" is the correct answer.
INCORRECT: "Implement code in microservice 1 to send data to an Amazon S3 bucket. Use S3 event notifications to invoke microservice 2" is incorrect as a message queue would be preferable to an S3 bucket.
INCORRECT: "Implement code in microservice 1 to publish data to an Amazon SNS topic. Implement code in microservice 2 to subscribe to this topic" is incorrect as notifications to topics are pushed to subscribers. In this case we want the second microservice to pick up the messages when ready (pull them).
INCORRECT: "Implement code in microservice 1 to send data to Amazon Kinesis Data Firehose. Implement code in microservice 2 to read from Kinesis Data Firehose" is incorrect as this is not how Firehose works. Firehose sends data directly to destinations; it is not a message queue.
References: Amazon Simple Queue Service > Developer Guide > What is Amazon Simple Queue Service?

All Question 724/790


A Solutions Architect is creating an application running in an Amazon VPC that needs to access AWS Systems Manager Parameter Store. Network security rules prohibit any route table entry with a 0.0.0.0/0 destination.

What infrastructure addition will allow access to the AWS service while meeting the requirements?

D. AWS PrivateLink
To publish messages to Amazon SNS topics from an Amazon VPC, create an interface VPC endpoint. Then, you can publish messages to SNS topics while keeping the traffic within the network that you manage with the VPC. This is the most secure option as traffic does not need to traverse the Internet.

CORRECT: "Use AWS PrivateLink" is the correct answer.
INCORRECT: "Use an Internet Gateway" is incorrect. Internet Gateways are used by instances in public subnets to access the Internet and this is less secure than a VPC endpoint.
INCORRECT: "Use a proxy instance" is incorrect. A proxy instance will also use the public Internet and so is less secure than a VPC endpoint.
INCORRECT: "Use a NAT gateway" is incorrect. A NAT Gateway is used by instances in private subnets to access the Internet and this is less secure than a VPC endpoint.
References: Amazon Simple Notification Service > Developer Guide > What is Amazon SNS?

All Question 725/790


A company's web application uses an Amazon RDS PostgreSQL DB instance to store its application data.

During the financial closing period at the start of every month, Accountants run large queries that impact the database's performance due to high usage. The company wants to minimize the impact that the reporting activity has on the web application.

What should a solutions architect do to reduce the impact on the database with the LEAST amount of effort?

A. Create a read replica and direct reporting traffic to the replica.
Amazon RDS uses the MariaDB, MySQL, Oracle, PostgreSQL, and Microsoft SQL Server DB engines' built-in replication functionality to create a special type of DB instance called a read replica from a source DB instance. Updates made to the source DB instance are asynchronously copied to the read replica. You can reduce the load on your source DB instance by routing read queries from your applications to the read replica. When you create a read replica, you first specify an existing DB instance as the source. Then Amazon RDS takes a snapshot of the source instance and creates a read-only instance from the snapshot. Amazon RDS then uses the asynchronous replication method for the DB engine to update the read replica whenever there is a change to the source DB instance. The read replica operates as a DB instance that allows only read-only connections. Applications connect to a read replica the same way they do to any DB instance. Amazon RDS replicates all databases in the source DB instance. References: Amazon Relational Database Service > User Guide > Working with read replicas

All Question 726/790


A monolithic application was recently migrated to AWS and is now running on a single Amazon EC2 instance. Due to application limitations, it is not possible to use automatic scaling to scale out the application. The chief technology officer (CTO) wants an automated solution to restore the EC2 instance in the unlikely event the underlying hardware fails.

What would allow for automatic recovery of the EC2 instance as quickly as possible?

A. Configure an Amazon CloudWatch alarm that triggers the recovery of the EC2 instance if it becomes impaired. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Recover your instance

All Question 727/790


A company has a web application for travel ticketing.

The application is based on a database that runs in a single data center in North America. The company wants to expand the application to serve a global user base. The company needs to deploy the application to multiple AWS Regions. Average latency must be less than 1 second on updates to the reservation database.

The company wants to have separate deployments of its web platform across multiple Regions. However, the company must maintain a single primary reservation database that is globally consistent.

Which solution should a solutions architect recommend to meet these requirements?

A. Convert the application to use Amazon DynamoDB. Use a global table for the center reservation table. Use the correct Regional endpoint in each Regional deployment.

All Question 728/790


A social media company allows users to upload images to its website. The website runs on Amazon EC2 instances. During upload requests, the website resizes the images to a standard size and stores the resized images in Amazon S3. Users are experiencing slow upload requests to the website.

The company needs to reduce coupling within the application and improve website performance. A solutions architect must design the most operationally efficient process for image uploads.

Which combination of actions should the solutions architect take to meet these requirements? (Select TWO.)

D. Configure S3 Event Notifications to invoke an AWS Lambda function when an image is uploaded. Use the function to resize the image

All Question 729/790


A company is developing an eCommerce application that will consist of a load–balanced front end, a container–based application, and a relational database. A solutions architect needs to create a highly available solution that operates with as little manual intervention as possible.

Which solutions meet these requirements? (Select TWO.)

A. Create an Amazon RDS DB instance in Multi-AZ mode
D. Create an Amazon Elastic Container Service (Amazon ECS) cluster with a Fargate launch type to handle the dynamic application load
Relational database: RDS
Container-based applications: ECS. "Amazon ECS enables you to launch and stop your container-based applications by using simple API calls. You can also retrieve the state of your cluster from a centralized service and have access to many familiar Amazon EC2 features."
Little manual intervention: Fargate. You can run your tasks and services on a serverless infrastructure that is managed by AWS Fargate. Alternatively, for more control over your infrastructure, you can run your tasks and services on a cluster of Amazon EC2 instances that you manage.
References: Amazon Elastic Container Service > Developer Guide > What is Amazon Elastic Container Service?

All Question 730/790


A company is developing a serverless web application that gives users the ability to interact with real–time analytics from online games. The data from the games must be streamed in real time. The company needs a durable, low–latency database option for user data. The company does not know how many users will use the application. Any design considerations must provide response times of single–digit milliseconds as the application scales.

Which combination of AWS services will meet these requirements? (Select TWO.)

A. Amazon CloudFront
B. Amazon DynamoDB

All Question 731/790


A company wants to run its critical applications in containers to meet requirements for scalability and availability. The company prefers to focus on maintenance of the critical applications. The company does not want to be responsible for provisioning and managing the underlying infrastructure that runs the containerized workload.

What should a solutions architect do to meet these requirements?

C. Use Amazon Elastic Container Service (Amazon ECS) on AWS Fargate.

All Question 732/790


A company is planning to migrate 40 servers hosted on–premises in VMware to the AWS Cloud. The migration process must be implemented with minimal downtime.

The company also wants to test the servers before the cutover date.

Which solution meets these requirements?

A. Deploy the AWS DataSync agent into the on-premises environment. Use DataSync to migrate the servers.

All Question 733/790


An engineering team is developing and deploying AWS Lambda functions. The team needs to create roles and manage policies in AWS IAM to configure the permissions of the Lambda functions.

How should the permissions for the team be configured so they also adhere to the concept of least privilege?

A. Create an IAM role with a managed policy attached. Allow the engineering team and the Lambda functions to assume this role.

All Question 734/790


A solutions architect is designing the cloud architecture for a company that needs to host hundreds of machine learning models for its users. During startup, the models need to load up to 10 GB of data from Amazon S3 into memory, but they do not need disk access. Most of the models are used sporadically, but the users expect all of them to be highly available and accessible with low latency.

Which solution meets the requirements and is MOST cost–effective?

C. Deploy models as AWS Lambda functions behind a single Amazon API Gateway with path-based routing where one path corresponds to each model.
AWS just updated Lambda to support 10 GB of memory, helping compute-intensive applications like machine learning… No disk access, lowest cost. References: AWS Lambda now supports up to 10 GB of memory and 6 vCPU cores for Lambda Functions

All Question 735/790


As part of budget planning, management wants a report of AWS billed items listed by user. The data will be used to create department budgets. A solutions architect needs to determine the most efficient way to obtain this report information.

Which solution meets these requirements?

B. Create a report in Cost Explorer and download the report.

All Question 736/790


You are in the process of creating a Route 53 DNS failover to direct traffic to two EC2 zones. Obviously, if one fails, you would like Route 53 to direct traffic to the other region. Each region has an ELB with some instances being distributed.

What is the best way for you to configure the Route 53 health check?

D. Route 53 natively supports ELB with an internal health check. Turn "Evaluate target health" on and "Associate with Health Check" off and R53 will use the ELB's internal health check.
With DNS Failover, Amazon Route 53 can help detect an outage of your website and redirect your end users to alternate locations where your application is operating properly. When you enable this feature, Route 53 uses health checks–regularly making Internet requests to your application's endpoints from multiple locations around the world–to determine whether each endpoint of your application is up or down. To enable DNS Failover for an ELB endpoint, create an Alias record pointing to the ELB and set the "Evaluate Target Health" parameter to true. Route 53 creates and manages the health checks for your ELB automatically. You do not need to create your own Route 53 health check of the ELB. You also do not need to associate your resource record set for the ELB with your own health check, because Route 53 automatically associates it with the health checks that Route 53 manages on your behalf. The ELB health check will also inherit the health of your backend instances behind that ELB. References: Amazon Route 53 Adds Elastic Load Balancer Integration for DNS Failover

All Question 737/790


A company is launching a new application deployed on an Amazon Elastic Container Service (Amazon ECS) cluster and is using the Fargate launch type for ECS tasks. The company is monitoring CPU and memory usage because it is expecting high traffic to the application upon its launch. However, the company wants to reduce costs when utilization decreases.

What should a solutions architect recommend?

A. Use Amazon EC2 Auto Scaling to scale at certain periods based on previous traffic patterns.

All Question 738/790


A company's security team requests that network traffic be captured in VPC Flow Logs. The logs will be frequently accessed for 90 days and then accessed intermittently.

What should a solutions architect do to meet these requirements when configuring the logs?

D. Use Amazon S3 as the target. Enable an S3 Lifecycle policy to transition the logs to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days.

All Question 739/790


A company is running a two–tier eCommerce website using services. The current architecture uses a public-facing Elastic Load Balancer that sends traffic to Amazon EC2 instances in a private subnet. The static content is hosted on EC2 instances, and the dynamic content is retrieved from a MySQL database. The application is running in the United States. The company recently started selling to users in Europe and Australia. A solutions architect needs to design a solution so their international users have an improved browsing experience.

Which solution is MOST cost–effective?

B. Use Amazon CloudFront and Amazon S3 to host static images.

All Question 740/790


An organization has three separate AWS accounts, one each for development, testing, and production. The organization wants the testing team to have access to certain AWS resources in the production account. How can the organization achieve this?

B. Create the IAM roles with cross account access.
An organization has multiple AWS accounts to isolate a development environment from a testing or production environment. At times the users from one account need to access resources in the other account, such as promoting an update from the development environment to the production environment. In this case the IAM role with cross account access will provide a solution. Cross account access lets one account share access to their resources with users in the other AWS accounts. References: AWS Security Best Practices

All Question 741/790


A user is storing a large number of objects on AWS S3. The user wants to implement the search functionality among the objects. How can the user achieve this?

D. Make your own DB system which stores the S3 metadata for the search functionality.
In Amazon Web Services, AWS S3 does not provide any query facility. To retrieve a specific object, the user needs to know the exact bucket/object key. In this case it is recommended to have your own DB system which manages the S3 metadata and key mapping. References: Storage Options in the AWS Cloud

All Question 742/790


A solution architect at a company is designing the architecture for a two–tiered web application. The web application is composed of an internet facing application load balancer that forwards traffic to an auto scaling group of Amazon EC2 instances. The EC2 instances must be able to access a database that runs on Amazon RDS.

The company has requested a defense–in–depth approach to the network layout. The company does not want to rely solely on security groups or network ACLs. Only the minimum resources that are necessary should be routable from the internet.

Which network design should the solutions architect recommend to meet these requirements?

B. Place the ALB in public subnets. Place the EC2 instances and RDS database in private subnets

All Question 743/790


A photo–sharing website running on AWS allows users to generate thumbnail images of photos stored in Amazon S3. An Amazon DynamoDB table maintains the locations of photos, and thumbnails are easily re–created from the originals if they are accidentally deleted.

How should the thumbnail images be stored to ensure the LOWEST cost?


All Question 744/790


A company is preparing to launch a public–facing web application in the AWS Cloud. The architecture consists of Amazon EC2 instances within a VPC behind an Elastic Load Balancer (ELB). A third–party service is used for the DNS. The company's solutions architect must recommend a solution to detect and protect against large–scale DDoS attacks.

Which solution meets these requirements?

D. Enable AWS Shield Advanced and assign the ELB to it.

All Question 745/790


A company has NFS servers in an on–premises data center that need to periodically back up small amounts of data to Amazon S3.

Which solution meets these requirements and is MOST cost–effective?

C. Set up an SFTP sync using AWS Transfer for SFTP to sync data from on-premises to Amazon S3.

All Question 746/790


A company runs an application on three very large Amazon EC2 instances in a single Availability Zone in the us–east–1 Region. Multiple 16 TB Amazon Elastic Block Store (Amazon EBS) volumes are attached to each EC2 instance.

The operations team uses an AWS Lambda script triggered by a schedule–based Amazon EventBridge (Amazon CloudWatch Events) rule to stop the instances on evenings and weekends, and start the instances on weekday mornings.

Before deploying the solution, the company used the public AWS pricing documentation to estimate the overall costs of running this data warehouse solution 5 days a week for 10 hours a day.

When looking at monthly Cost Explorer charges for this new account, the overall charges are higher than the estimate.

What is the MOST likely cost factor that the company overlooked?

D. The company is being billed for the EBS storage on nights and weekends

All Question 747/790


A company operates a website on Amazon EC2 Linux instances. Some of the instances are failing.

Troubleshooting points to insufficient swap space on the failed instances. The operations team lead needs a solution to monitor this.

What should a solutions architect recommend?

C. Install an Amazon CloudWatch agent on the instances. Run an appropriate script on a set schedule. Monitor SwapUtilization metrics in CloudWatch. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Monitor memory and disk metrics for Amazon EC2 Linux instances

All Question 748/790


A team has an application that detects new objects being uploaded into an Amazon S3 bucket. The uploads trigger an AWS Lambda function to write metadata into an Amazon DynamoDB table and an Amazon RDS for PostgreSQL database.

Which action should the team take to ensure high availability?

C. Enable Multi-AZ on the RDS PostgreSQL database.

All Question 749/790


A solutions architect is using Amazon S3 to design the storage architecture of a new digital media application. The media files must be resilient to the loss of an Availability Zone. Some files are accessed frequently while other files are rarely accessed in an unpredictable pattern. The solutions architect must minimize the costs of storing and retrieving the media files.

Which storage option meets these requirements?

B. S3 Intelligent-Tiering
S3 Intelligent-Tiering is a new Amazon S3 storage class designed for customers who want to optimize storage costs automatically when data access patterns change, without performance impact or operational overhead. S3 Intelligent-Tiering is the first cloud object storage class that delivers automatic cost savings by moving data between two access tiers – frequent access and infrequent access – when access patterns change, and is ideal for data with unknown or changing access patterns. S3 Intelligent-Tiering stores objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access. For a small monthly monitoring and automation fee per object, S3 Intelligent-Tiering monitors access patterns and moves objects that have not been accessed for 30 consecutive days to the infrequent access tier. There are no retrieval fees in S3 Intelligent-Tiering. If an object in the infrequent access tier is accessed later, it is automatically moved back to the frequent access tier. No additional tiering fees apply when objects are moved between access tiers within the S3 Intelligent-Tiering storage class. S3 Intelligent-Tiering is designed for 99.9% availability and 99.999999999% durability, and offers the same low latency and high throughput performance of S3 Standard.

All Question 750/790


A company is building an application that consists of several microservices. The company has decided to use container technologies to deploy its software on AWS. The company needs a solution that minimizes the amount of ongoing effort for maintenance and scaling. The company cannot manage additional infrastructure.

Which combination of actions should a solutions architect take to meet these requirements? (Choose two.)

A. Deploy an Amazon Elastic Container Service (Amazon ECS) cluster.
B. Deploy the Kubernetes control plane on Amazon EC2 instances that span multiple Availability Zones.

All Question 751/790



What should a solutions architect do to meet these requirements?

A. Create an internet gateway, and attach it to the VPC. Configure the private subnet route table to use the internet gateway as the default route.

All Question 752/790


A company wants to use an AWS Region as a disaster recovery location for its on–premises infrastructure.

The company has 10 TB of existing data, and the on–premise data center has a 1 Gbps internet connection.

A solutions architect must find a solution so the company can have its existing data on AWS in 72 hours without transmitting it using an unencrypted channel.

Which solution should the solutions architect select?

C. Establish a VPN connection between Amazon VPC and the company's data center.

All Question 753/790


A company is preparing to deploy a new serverless workload. A solutions architect needs to configure permissions for invoking an AWS Lambda function. The function will be triggered by an Amazon EventBridge (Amazon CloudWatch Events) rule. Permissions should be configured using the principle of least privilege.

Which solution will meet these requirements?

C. Add a resource-based policy to the function with lambda:' as the action and Service:events.amazonaws.com as the principal.

All Question 754/790


A company uses Amazon S3 to store its confidential audit documents.

The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege.

Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.

What should a solutions architect do to secure the audit documents?

A. Enable the versioning and MFA Delete features on the S3 bucket

All Question 755/790


A company is running a database on Amazon Aurora.

The database is idle every evening. An application that performs extensive reads on the database experiences performance issues during the morning when user traffic spikes.

During these peak periods, the application receives timeout errors when reading from the database.

The company does not have a dedicated operations team and needs an automated solution to address the performance issues.

Which actions should a solutions architect take to automatically adjust to the increased read load on the database? (Select TWO.)

A. Migrate the database to Aurora Serverless.
C. Configure Aurora Auto Scaling with Aurora Replicas

All Question 756/790


A solution architect needs to design a highly available application consisting of web, application, and database tiers. HTTPS content delivery should be as close to the edge as possible, with the least delivery time.

Which solution meets these requirements and is MOST secure?

B. Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in private subnets. Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.

All Question 757/790


A company must generate sales reports at the beginning of every month. The reporting process launches 20 Amazon EC2 instances on the first of the month. The process runs for 7 days and cannot be interrupted.

The company wants to minimize costs.

Which pricing model should the company choose?

D. Scheduled Reserved Instances
Scheduled Reserved Instances: Scheduled Reserved Instances (Scheduled Instances) enable you to purchase capacity reservations that recur on a daily, weekly, or monthly basis, with a specified start time and duration, for a one-year term. You reserve the capacity in advance, so that you know it is available when you need it. You pay for the time that the instances are scheduled, even if you do not use them. Scheduled Instances are a good choice for workloads that do not run continuously, but do run on a regular schedule. For example, you can use Scheduled Instances for an application that runs during business hours or for batch processing that runs at the end of the week. If you require a capacity reservation on a continuous basis, Reserved Instances might meet your needs and decrease costs. How Scheduled Instances Work Amazon EC2 sets aside pools of EC2 instances in each Availability Zone for use as Scheduled Instances. Each pool supports a specific combination of instance type, operating system, and network. To get started, you must search for an available schedule. You can search across multiple pools or a single pool. After you locate a suitable schedule, purchase it. You must launch your Scheduled Instances during their scheduled time periods, using a launch configuration that matches the following attributes of the schedule that you purchased: instance type, Availability Zone, network, and platform. When you do so, Amazon EC2 launches EC2 instances on your behalf, based on the specified launch specification. Amazon EC2 must ensure that the EC2 instances have terminated by the end of the current scheduled time period so that the capacity is available for any other Scheduled Instances it is reserved for. Therefore, Amazon EC2 terminates the EC2 instances three minutes before the end of the current scheduled time period. You can't stop or reboot Scheduled Instances, but you can terminate them manually as needed. 
If you terminate a Scheduled Instance before its current scheduled time period ends, you can launch it again after a few minutes. Otherwise, you must wait until the next scheduled time period. The following diagram illustrates the lifecycle of a Scheduled Instance. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Scheduled Reserved Instances

All Question 758/790


You are building infrastructure for a data warehousing solution and an extra request has come through that there will be a lot of business reporting queries running all the time and you are not sure if your current DB instance will be able to handle it.

What would be the best solution for this?

B. Read Replicas
Read Replicas make it easy to take advantage of MySQL's built-in replication functionality to elastically scale out beyond the capacity constraints of a single DB Instance for read-heavy database workloads. There are a variety of scenarios where deploying one or more Read Replicas for a given source DB Instance may make sense. Common reasons for deploying a Read Replica include: Scaling beyond the compute or I/O capacity of a single DB Instance for read-heavy database workloads. This excess read traffic can be directed to one or more Read Replicas. Serving read traffic while the source DB Instance is unavailable. If your source DB Instance cannot take I/O requests (e.g. due to I/O suspension for backups or scheduled maintenance), you can direct read traffic to your Read Replica(s). For this use case, keep in mind that the data on the Read Replica may be "stale" since the source DB Instance is unavailable. Business reporting or data warehousing scenarios; you may want business reporting queries to run against a Read Replica, rather than your primary, production DB Instance. References: Amazon RDS FAQs

All Question 759/790


A global company plans to track and store information about local allergens in an Amazon DynamoDB table and query this data from its website.

The company anticipates that website traffic will fluctuate.
The company estimates that the combined read and write capacity units will range from 10 to 10,000 per second, depending on the severity of the conditions for the given day.
A solutions architect must design a solution that avoids throttling issues and manages capacity efficiently.
What should the solutions architect do to meet these requirements MOST cost–effectively?

B. Use provisioned capacity mode and a scaling policy in DynamoDB auto scaling

All Question 760/790


A three–tier web application processes orders from customers. The web tier consists of Amazon EC2 instances behind an Application Load Balancer, a middle tier of three EC2 instances decoupled from the web tier using Amazon SQS, and an Amazon DynamoDB backend. At peak times, customers who submit orders using the site have to wait much longer than normal to receive confirmations due to lengthy processing times. A solutions architect needs to reduce these processing times.

Which action will be MOST effective in accomplishing this?

D. Use Amazon EC2 Auto Scaling to scale out the middle tier instances based on the SQS queue depth.

All Question 761/790


A company wants to reduce its Amazon S3 storage costs in its production environment without impacting durability or performance of the stored objects.

What is the FIRST step the company should take to meet these objectives?

D. Migrate the objects in all S3 buckets to S3 Intelligent-Tiering.

All Question 762/790


A product manager of an eCommerce website is launching a new product line next month. The application hosting the website runs on Amazon EC2 instances in an Auto Scaling group behind a load balancer.

Testing has been performed, and the maximum load at launch has been estimated.

Traffic to the application is expected to decrease gradually within the first few weeks after the launch.

This workload is the only one on this account that is expected to scale during launch.

Which combination of steps is MOST cost–effective to ensure that there will be adequate capacity when the application scales at launch? (Select TWO.)

A. Purchase Reserved Instances (RIs) with zonal scope to reserve capacity and get the discount to compute. Then cancel the RIs after the launch.
D. Purchase Scheduled Instances to reserve capacity for the launch, and run them on a daily schedule during peak capacity hours.

All Question 763/790


A company is using Amazon S3 as its local repository for weekly analysis reports. One of the company–wide requirements is to secure data at rest using encryption. The company chooses Amazon S3 server–side encryption (SSE).

How can the object be decrypted when a GET request is issued?

D. Amazon S3 provides a server-side key for decrypting the object

All Question 764/790


A company is preparing to deploy a data lake on AWS. A solutions architect must define the encryption strategy for data at rest in Amazon S3. The company's security policy states:

Keys must be rotated every 90 days.
Strict separation of duties between key users and key administrators must be implemented.
Auditing key usage must be possible.
What should the solutions architect recommend?

A. Server-side encryption with AWS KMS managed keys (SSE-KMS) with customer managed customer master keys (CMKs)

All Question 765/790


A company has two applications it wants to migrate to AWS. Both applications process a large set of files by accessing the same files at the same time. Both applications need to read the files with low latency.

Which architecture should a solutions architect recommend for this situation?

D. Configure two Amazon EC2 instances to run both applications. Configure Amazon Elastic File System (Amazon EFS) with General Purpose performance mode and Bursting Throughput mode to store the data.

All Question 766/790



What should a solutions architect recommend to meet this requirement?

C. Deploy an Amazon CloudFront distribution that listens on the TCP port that the application requires. Use an Application Load Balancer as the origin.

All Question 767/790


A company is building a RESTful serverless web application on AWS by using Amazon API Gateway and AWS Lambda.

The users of this web application will be geographically distributed, and the company wants to reduce the latency of API requests to these users.

Which type of endpoint should a solutions architect use to meet these requirements?

All Question 768/790


A company wants to migrate its web application to AWS. The legacy web application consists of a web tier, an application tier, and a MySQL database.

The re–architected application must consist of technologies that do not require the administration team to manage instances or clusters.

Which combination of services should a solutions architect include in the overall architecture? (Select TWO)

D. Amazon RDS for MySQL
E. AWS Fargate

All Question 769/790


A user has underutilized on–premises resources.

Which AWS Cloud concept can BEST address this issue?

All Question 770/790


A company wants to move a multi–tiered application from on–premises to the AWS Cloud to improve the application's performance. The application consists of application tiers that communicate with each other by way of RESTful services.

Transactions are dropped when one tier becomes overloaded. A solutions architect must design a solution that resolves these issues and modernizes the application.

Which solution meets these requirements and is the MOST operationally efficient?

D. Use Amazon Simple Queue Service (Amazon SQS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group. Use Amazon CloudWatch to monitor the SQS queue length and scale up when communication failures are detected.

All Question 771/790


A company has a mobile game that reads most of its metadata from an Amazon RDS DB instance. As the game increased in popularity, developers noticed slowdowns related to the game's metadata load times.

Performance metrics indicate that simply scaling the database will not help. A solutions architect must explore all options that include capabilities for snapshots, replication, and sub–millisecond response times.

What should the solutions architect recommend to solve these issues?

B. Migrate the database to Amazon DynamoDB with global tables.

All Question 772/790


A leasing company generates and emails PDF statements every month for all its customers. Each statement is about 400 KB in size.

Customers can download their statements from the website for up to 30 days from when the statements were generated. At the end of their 3–year lease, the customers are emailed a ZIP file that contains all the statements.

What is the MOST cost–effective storage solution for this situation?

B. Store the statements using the Amazon S3 Glacier storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier Deep Archive storage after 30 days.

All Question 773/790


A solutions architect needs to design a resilient solution for Windows users' home directories. The solution must provide fault tolerance, file–level backup and recovery, and access control, based upon the company's Active Directory.

Which storage solution meets these requirements?

C. Configure Amazon Elastic File System (Amazon EFS) for the users' home directories. Configure AWS Single Sign-On with Active Directory.

All Question 774/790


A solutions architect must design a database solution for a high–traffic eCommerce web application. The database stores customer profiles and shopping cart information. The database must support a peak load of several million requests each second and deliver responses in milliseconds. The operational overhead from managing and scaling the database must be minimized.

Which database solution should the solutions architect recommend?

All Question 775/790


A company stores user data in AWS. The data is used continuously with peak usage during business hours. Access patterns vary, with some data not being used for months at a time. A solution architect must choose a cost–effective solution that maintains the highest level of durability while maintaining high availability.

Which storage solution meets these requirements?

B. Amazon S3 Intelligent-Tiering

All Question 776/790


A company is designing a website that uses an Amazon S3 bucket to store static images. The company wants all future requests to have faster response times while reducing both latency and cost.

Which service configuration should a solutions architect recommend?

B. Deploy Amazon CloudFront in front of Amazon S3.

All Question 777/790


A company wants to migrate its MySQL database from on premises to AWS. The company recently experienced a database outage that significantly impacted the business. To ensure this does not happen again, the company wants a reliable database solution on AWS that minimizes data loss and stores every transaction on at least two nodes.

Which solution meets these requirements?

A. Create an Amazon RDS DB instance with synchronous replication to three nodes in three Availability Zones.

All Question 778/790


In the context of AWS support, why must an EC2 instance be unreachable for 20 minutes rather than allowing customers to open tickets immediately?

A. Because most reachability issues are resolved by automated processes in less than 20 minutes
An EC2 instance must be unreachable for 20 minutes before opening a ticket, because most reachability issues are resolved by automated processes in less than 20 minutes and will not require any action on the part of the customer. If the instance is still unreachable after this time frame has passed, then you should open a case with support. References: AWS Support FAQs

All Question 779/790


A company wants a storage option that enables its data science team to analyze its data on–premises and in the AWS Cloud. The team needs to be able to run statistical analyses by using the data on–premises and by using a fleet of Amazon EC2 instances across multiple Availability Zones.

What should a solutions architect do to meet these requirements?

C. Use an AWS Storage Gateway file gateway to copy the on-premises files to Amazon Elastic Block Store (Amazon EBS).

All Question 780/790


In Amazon EC2, partial instance–hours are billed __________ .

D. as full hours
Partial instance-hours are billed to the next hour. References: Amazon EC2 FAQs

All Question 781/790


A company is developing a real–time multiplayer game that uses UDP for communications between client and servers in an Auto Scaling group. Spikes in demand are anticipated during the day, so the game server platform must adapt accordingly. Developers want to store gamer scores and other non–relational data in a database solution that will scale without intervention.

Which solution should a solutions architect recommend?

B. Use a Network Load Balancer for traffic distribution and Amazon DynamoDB on-demand for data storage.

All Question 782/790


A solutions architect is designing the cloud architecture for a new application being deployed on AWS. The process should run in parallel while adding and removing application nodes as needed based on the number of jobs to be processed. The processor application is stateless. The solutions architect must ensure that the application is loosely coupled and the job items are durably stored.

Which design should the solutions architect use?

C. Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch template that uses the AMI. Create an Auto Scaling group using the launch template. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue.
Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message oriented middleware, and empowers developers to focus on differentiating work. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available. Get started with SQS in minutes using the AWS console, Command Line Interface or SDK of your choice, and three simple commands.

SQS offers two types of message queues. Standard queues offer maximum throughput, best-effort ordering, and at-least-once delivery. SQS FIFO queues are designed to guarantee that messages are processed exactly once, in the exact order that they are sent.

Scaling Based on Amazon SQS

There are some scenarios where you might think about scaling in response to activity in an Amazon SQS queue. For example, suppose that you have a web app that lets users upload images and use them online. In this scenario, each image requires resizing and encoding before it can be published. The app runs on EC2 instances in an Auto Scaling group, and it's configured to handle your typical upload rates. Unhealthy instances are terminated and replaced to maintain current instance levels at all times. The app places the raw bitmap data of the images in an SQS queue for processing. It processes the images and then publishes the processed images where they can be viewed by users.

The architecture for this scenario works well if the number of image uploads doesn't vary over time. But if the number of uploads changes over time, you might consider using dynamic scaling to scale the capacity of your Auto Scaling group.

In this case we need to find a durable and loosely coupled solution for storing jobs. Amazon SQS is ideal for this use case and can be configured to use dynamic scaling based on the number of jobs waiting in the queue. To configure this scaling you can use the backlog per instance metric with the target value being the acceptable backlog per instance to maintain. You can calculate these numbers as follows:

Backlog per instance: To calculate your backlog per instance, start with the ApproximateNumberOfMessages queue attribute to determine the length of the SQS queue (number of messages available for retrieval from the queue). Divide that number by the fleet's running capacity, which for an Auto Scaling group is the number of instances in the InService state, to get the backlog per instance.
Acceptable backlog per instance: To calculate your target value, first determine what your application can accept in terms of latency. Then, take the acceptable latency value and divide it by the average time that an EC2 instance takes to process a message.

This solution will scale EC2 instances using Auto Scaling based on the number of jobs waiting in the SQS queue.

CORRECT: "Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon EC2 Auto Scaling group for the compute application. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue" is the correct answer.

INCORRECT: "Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon EC2 Auto Scaling group for the compute application. Set the scaling policy for the Auto Scaling group to add and remove nodes based on network usage" is incorrect as scaling on network usage does not relate to the number of jobs waiting to be processed.

INCORRECT: "Create an Amazon SNS topic to send the jobs that need to be processed. Create an Amazon EC2 Auto Scaling group for the compute application. Set the scaling policy for the Auto Scaling group to add and remove nodes based on CPU usage" is incorrect. Amazon SNS is a notification service so it delivers notifications to subscribers. It does store data durably but is less suitable than SQS for this use case. Scaling on CPU usage is not the best solution as it does not relate to the number of jobs waiting to be processed.

INCORRECT: "Create an Amazon SNS topic to send the jobs that need to be processed. Create an Amazon EC2 Auto Scaling group for the compute application. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of messages published to the SNS topic" is incorrect. Amazon SNS is a notification service so it delivers notifications to subscribers. It does store data durably but is less suitable than SQS for this use case. Scaling on the number of notifications in SNS is not possible.

References: Amazon EC2 Auto Scaling > User Guide > Scaling based on Amazon SQS

All Question 783/790


A company has a hybrid application hosted on multiple on–premises servers with static IP addresses. There is already a VPN that provides connectivity between the VPC and the on–premises network. The company wants to distribute TCP traffic across the on–premises servers for internet users.

What should a solutions architect recommend to provide a highly available and scalable solution?

A. Launch an internet-facing Network Load Balancer (NLB) and register on-premises IP addresses with the NLB.

All Question 784/790


A company is designing an internet–facing web application. The application runs on Amazon EC2 for Linux–based instances that store sensitive user data in Amazon RDS MySQL Multi–AZ DB instances. The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web–based attacks.

What should a solutions architect recommend?

C. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Create a security group for the web application servers and a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the web application server security group.

All Question 785/790


A company has an on–premises application that collects data and stores it to an on–premises NFS server.

The company recently set up a 10 Gbps AWS Direct Connect connection. The company is running out of storage capacity on–premises. The company needs to migrate the application data from on–premises to the AWS Cloud while maintaining low–latency access to the data from the on–premises application.

What should a solutions architect do to meet these requirements?

A. Deploy AWS Storage Gateway for the application data, and use the file gateway to store the data in Amazon S3. Connect the on-premises application servers to the file gateway using NFS.

All Question 786/790


A company runs its two–tier eCommerce website on AWS. The web tier consists of a load balancer that sends traffic to Amazon EC2 instances. The database tier uses an Amazon RDS DB instance. The EC2 instances and the RDS DB instance should not be exposed to the public internet. The EC2 instances require internet access to complete payment processing of orders through a third–party web service. The application must be highly available.

Which combination of configuration options will meet these requirements? (Choose two.)

A. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets.
B. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets.

All Question 787/790


A company's website handles millions of requests each day, and the number of requests continues to increase. A solutions architect needs to improve the response time of the web application. The solutions architect determines that the application needs to decrease latency.

When retrieving product details from the Amazon DynamoDB table?

A. Set up a DynamoDB Accelerator (DAX) cluster. Route all read requests through DAX.

All Question 788/790


A company is running a multi–tier web application on AWS. The application runs its database tier on Amazon Aurora MySQL. The application and database tiers are in the us-east-1 Region. A database administrator who regularly monitors the Aurora DB cluster finds that an intermittent increase in read traffic is creating high CPU utilization on the read replica and causing increased read latency of the application.

What should a solutions architect do to improve read scalability?

D. Configure Aurora Auto Scaling for the read replica.

All Question 789/790


A company is planning to migrate a legacy application to AWS. The application currently uses NFS to communicate to an on–premises storage solution to store application data. The application cannot be modified to use any other communication protocols other than NFS for this purpose.

Which storage solution should a solutions architect recommend for use after the migrations?

C. Amazon Elastic File System (Amazon EFS)
References: Amazon Elastic File System

All Question 790/790


A company wants to build an immutable infrastructure for its software applications. The company wants to test the software applications before sending traffic to them. The company seeks an efficient solution that limits the effects of application bugs.

Which combination of steps should a solutions architect recommend? (Select TWO)

A. Use AWS CloudFormation to update the production infrastructure and roll back the stack if the update fails.
B. Apply Amazon Route 53 weighted routing to test the staging environment and gradually increase the traffic as the tests pass.

S3

- 155 Questions

S3 Question 1/155


A company is building a web application that serves a content management system.

The content management system runs on Amazon EC2 instances behind an Application Load Balancer (ALB).

The EC2 instances run in an Auto Scaling group across Availability Zones.

Users are constantly adding and updating files, blogs, and other website assets in the content management system.

Which solution meets these requirements?

C. Copy the website assets to an Amazon S3 bucket. Ensure that each EC2 instance downloads the website assets from the S3 bucket to the attached Amazon Basic Block Store (Amazon EBS) volume. Run the S3 sync command once each hour to keep files up to date.

S3 Question 2/155


A company uses an Amazon S3 bucket as its data lake storage platform.

The S3 bucket contains a massive amount of data that is accessed randomly by multiple teams and hundreds of applications.

The company wants to reduce the S3 storage costs and provide immediate availability for frequently accessed objects.

What is the MOST operationally efficient solution that meets these requirements?

A. Create an S3 Lifecycle rule to transition objects to the S3 Intelligent-Tiering storage class

S3 Question 3/155


A user is designing a new service that receives location updates from 3 600 rental cars every hour.

The cars upload their location to an Amazon S3 bucket.

Each location must be checked for distance from the original rental location.

Which services will process the updates and automatically scale?

B. Amazon Kinesis Data Firehose and Amazon S3

S3 Question 4/155


A company's security team requests that network traffic be captured in VPC Flow Logs. The logs will be frequently accessed for 90 days and then accessed intermittently.

What should a solutions architect do to meet these requirements when configuring the logs?

D. Use Amazon S3 as the target. Enable an S3 Lifecycle policy to transition the logs to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days.

S3 Question 5/155


A company is creating a new application that will store a large amount of data.

The data will be analyzed hourly and will be modified by several Amazon EC2 Linux instances that are deployed across multiple Availability Zones.

The needed amount of storage space will continue to grow for the next 6 months.

Which storage solution should a solutions architect recommend to meet these requirements?

A. Store the data in Amazon S3 Glacier. Update the S3 Glacier vault policy to allow access to the application instances.

S3 Question 6/155


A Solutions Architect must design a web application that will be hosted on AWS, allowing users to purchase access to premium, shared content that is stored in an S3 bucket. Upon payment, content will be available for download for 14 days before the user is denied access.

Which of the following would be the LEAST complicated implementation?

C. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL.

S3 Question 7/155


A company is planning to deploy an Amazon RDS DB instance running Amazon Aurora. The company has a backup retention policy requirement of 90 days. Which solution should a solutions architect recommend?

B. Configure RDS to copy automated snapshots to a user-managed Amazon S3 bucket with a lifecycle policy set to delete after 90 days.

S3 Question 8/155


A solutions architect must design a solution that uses Amazon CloudFront with an Amazon S3 origin to store a static website. The company's security policy requires that all website traffic be inspected by AWS WAF.

How should the solutions architect comply with these requirements?

D. Configure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucket. Enable AWS WAF on the distribution.

S3 Question 9/155


A company manages a data lake in an Amazon S3 bucket that numerous applications share. The S3 bucket contains unique folders with a prefix for each application.

The company wants to restrict each application to its specific folder and have more granular control of the objects in each folder.

Which solution meets these requirements with the LEAST amount of effort?

B. Create an S3 Batch Operations job to set the ACL permissions for each object in the S3 bucket.

S3 Question 10/155


A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees' devices.

The files are stored in an on–premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.

Which solution will meet these requirements?

D. Migrate the files to Amazon S3, and create a public VPC endpoint. Allow employees to sign on with AWS Single Sign-On.

S3 Question 11/155


A company stores user data in AWS. The data is used continuously with peak usage during business hours.

Access patterns vary, with some data not being used for months at a time.

A solution architect must choose a cost–effective solution that maintains the highest level of durability while maintaining high availability.

Which storage solution meets these requirements?

A. Amazon S3 Standard

S3 Question 12/155



Which scenario could be causing this issue? (Select TWO)

C. The route to the S3 endpoint is not configured in the route table
E. The S3 bucket has a bucket policy that does not allow access to the CIDR of the VPC

S3 Question 13/155


A Solutions Architect must design a web application that will be hosted on AWS, allowing users to purchase access to premium, shared content that is stored in an S3 bucket. Upon payment, content will be available for download for 14 days before the user is denied access.

Which of the following would be the LEAST complicated implementation?

C. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL.

S3 Question 14/155


A company is building a document storage application on AWS. The application runs on Amazon EC2 instances in multiple Availability Zones. The company requires the document store to be highly available.

The documents need to be returned immediately when requested. The lead engineer has configured the application to use Amazon Elastic Block Store (Amazon EBS) to store the documents, but is willing to consider other options to meet the availability requirement.

What should a solutions architect recommend?

B. Use Amazon EBS for the EC2 instance root volumes. Configure the application to build the document store on Amazon S3.

S3 Question 15/155


A media company stores video content in an Amazon Elastic Block Store (Amazon EBS) volume. A certain video file has become popular, and a large number of users across the world are accessing this content.

This has resulted in a cost increase.

Which action will DECREASE cost without compromising user accessibility?

B. Store the video in an Amazon S3 bucket and create an Amazon CloudFront distribution.

S3 Question 16/155


A company has a custom application running on an Amazon EC2 instance that:

Reads a large amount of data from Amazon S3
Performs a multi–stage analysis
Writes the results to Amazon DynamoDB
The application writes a significant number of large, temporary files during the multi–stage analysis. The process performance depends on the temporary storage performance.

What would be the fastest storage option for holding the temporary files?

A. Multiple Amazon S3 buckets with Transfer Acceleration for storage.

S3 Question 17/155


A development team needs to host a website that will be accessed by other teams. The website contents consist of HTML, CSS, client–side JavaScript, and images.

Which method is the MOST cost–effective for hosting the website?

B. Create an Amazon S3 bucket and host the website there

S3 Question 18/155


A company wants to reduce its Amazon S3 storage costs in its production environment without impacting durability or performance of the stored objects.

What is the FIRST step the company should take to meet these objectives?

D. Migrate the objects in all S3 buckets to S3 Intelligent-Tiering.

S3 Question 19/155


A company hosts a static website within an Amazon S3 bucket. A solutions architect needs to ensure that data can be recovered in case of accidental deletion.

Which action will accomplish this?

A. Enable Amazon S3 versioning.
Data can be recovered if versioning is enabled; it also provides extra protection for file deletes, such as MFA Delete. MFA Delete only works for CLI or API interaction, not in the AWS Management Console. Also, you cannot make version DELETE actions with MFA using IAM user credentials. You must use your root AWS account.

Object Versioning: Use Amazon S3 Versioning to keep multiple versions of an object in one bucket. For example, you could store my-image.jpg (version 111111) and my-image.jpg (version 222222) in a single bucket. S3 Versioning protects you from the consequences of unintended overwrites and deletions. You can also use it to archive objects so that you have access to previous versions.

You must explicitly enable S3 Versioning on your bucket. By default, S3 Versioning is disabled. Regardless of whether you have enabled Versioning, each object in your bucket has a version ID. If you have not enabled Versioning, Amazon S3 sets the value of the version ID to null. If S3 Versioning is enabled, Amazon S3 assigns a version ID value for the object. This value distinguishes it from other versions of the same key.

Object versioning is a means of keeping multiple variants of an object in the same Amazon S3 bucket. Versioning provides the ability to recover from both unintended user actions and application failures. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket.

CORRECT: "Enable Amazon S3 versioning" is the correct answer.

INCORRECT: "Enable Amazon S3 Intelligent-Tiering" is incorrect. This is a storage class that automatically moves data between frequent access and infrequent access classes based on usage patterns.

INCORRECT: "Enable an Amazon S3 lifecycle policy" is incorrect. An S3 lifecycle policy is a set of rules that define actions that apply to groups of S3 objects such as transitioning objects to another storage class.

INCORRECT: "Enable Amazon S3 cross-Region replication" is incorrect as this is used to copy objects to different regions. CRR relies on versioning which is the feature that is required for protecting against accidental deletion.

References: Protecting Amazon S3 Against Object Deletion
S3 Home

S3 Question 20/155


A leasing company generates and emails PDF statements every month for all its customers. Each statement is about 400 KB in size.

Customers can download their statements from the website for up to 30 days from when the statements were generated. At the end of their 3–year lease, the customers are emailed a ZIP file that contains all the statements.

What is the MOST cost–effective storage solution for this situation?

B. Store the statements using the Amazon S3 Glacier storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier Deep Archive storage after 30 days.

S3 Question 21/155


A company is running its application in a single region on Amazon EC2 with Amazon Elastic Block Store (Amazon EBS) and S3 as part of the storage design.

What should be done to reduce data transfer costs?

C. Create an Amazon CloudFront distribution with Amazon S3 as the origin

S3 Question 22/155


A company currently has 250 TB of backup files stored in Amazon S3 in a vendor's proprietary format.

Using a Linux–based software application provided by the vendor, the company wants to retrieve files from Amazon S3, transform the files to an industry–standard format, and re–upload them to Amazon S3. The company wants to minimize the data transfer charges associated with this conversion.

What should a solutions architect do to accomplish this?

D. Launch an Amazon EC2 instance in the same Region as Amazon S3 and install the conversion software onto the instance. Perform the transformation and re-upload the files to Amazon S3 from the EC2 instance.

S3 Question 23/155


A solutions architect is planning the deployment of a new static website. The solution must minimize costs and provide at least 99% availability. Which solution meets these requirements?

A. Deploy the application to an Amazon S3 bucket in one AWS Region that has versioning disabled.

S3 Question 24/155


A company has a 143 TB MySQL database that it wants to migrate to AWS. The plan is to use Amazon Aurora MySQL as the platform going forward. The company has a 100 Mbps AWS Direct Connect connection to Amazon VPC.

Which solution meets the company's needs and takes the LEAST amount of time?

D. Order four 50-TB AWS Snowball devices and copy the database backup onto them. Have AWS import the data into Amazon S3. Import the data into Aurora.

S3 Question 25/155


A company mandates that an Amazon S3 gateway endpoint must allow traffic to trusted buckets only.

Which method should a solutions architect implement to meet this requirement?

D. Create an S3 endpoint policy for each of the company's S3 gateway endpoints that provides access to the Amazon Resource Name (ARN) of the trusted S3 buckets.

S3 Question 26/155


Much of your company's data does not need to be accessed often, and can take several hours for retrieval time, so it's stored on Amazon Glacier. However, someone within your organization has expressed concerns that his data is more sensitive than the other data, and is wondering whether the high level of encryption that he knows is on S3 is also used on the much cheaper Glacier service.

Which of the following statements would be most applicable in regards to this concern?

C. Amazon Glacier automatically encrypts the data using AES-256, the same as Amazon S3.
Like Amazon S3, the Amazon Glacier service provides low-cost, secure, and durable storage. But where S3 is designed for rapid retrieval, Glacier is meant to be used as an archival service for data that is not accessed often, and for which retrieval times of several hours are suitable. Amazon Glacier automatically encrypts the data using AES-256 and stores it durably in an immutable form. Amazon Glacier is designed to provide average annual durability of 99.999999999% for an archive. It stores each archive in multiple facilities and multiple devices. Unlike traditional systems which can require laborious data verification and manual repair, Glacier performs regular, systematic data integrity checks, and is built to be automatically self-healing. References: Amazon Web Services: Overview of Security Processes

S3 Question 27/155


A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.

What should a solutions architect do to secure the audit documents?

A. Enable the versioning and MFA Delete features on the S3 bucket.
References: Amazon Simple Storage Service > User Guide > Security Best Practices for Amazon S3

S3 Question 28/155


A company is building a media–sharing application and decides to use Amazon S3 for storage. When a media file is uploaded the company starts a multi–step process to create thumbnails, identify objects in the images, transcode videos into standard formats and resolutions and extract and store the metadata to an Amazon DynamoDB table.

The metadata is used for searching and navigation. The amount of traffic is variable. The solution must be able to scale to handle spikes in load without unnecessary expenses.

What should a solutions architect recommend to support this workload?

C. Trigger an AWS Lambda function when an object is stored in the S3 bucket. Have the Lambda function start AWS Batch to perform the steps to process the object. Place the object data in the DynamoDB table when complete

S3 Question 29/155


A company uses Amazon S3 for storing a variety of files.

A solutions architect needs to design a feature that will allow users to instantly restore any deleted files within 30 days of deletion.

Which is the MOST cost–efficient solution?

A. Create lifecycle policies that move the objects to Amazon S3 Glacier and delete them after 30 days

S3 Question 30/155


A company's security team requests that network traffic be captured in VPC Flow Logs. The logs will be frequently accessed for 90 days and then accessed intermittently.

What should a solutions architect do to meet these requirements when configuring the logs?

D. Use Amazon S3 as the target. Enable an S3 Lifecycle policy to transition the logs to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days.

S3 Question 31/155


A company wants to run a static website served through Amazon CloudFront.

What is an advantage of storing the website content in an Amazon S3 bucket instead of an Amazon Elastic Block Store (Amazon EBS) volume?

B. S3 is an origin for CloudFront. EBS volumes would need EC2 instances behind an Elastic Load Balancing load balancer to be an origin

S3 Question 32/155


A company is hosting its website by using Amazon EC2 instances behind an Elastic Load Balancer across multiple Availability Zones.

The instances run in an EC2 Auto Scaling group.

The website uses Amazon Elastic Block Store (Amazon EBS) volumes to store product manuals for users to download.

The company updates the product content often, so new instances launched by the Auto Scaling group often have old data.

It can take up to 30 minutes for the new instances to receive all the updates.

The updates also require the EBS volumes to be resized during business hours.

The company wants to ensure that the product manuals are always up to date on all instances and that the architecture adjusts quickly to increased user demand.

A solutions architect needs to meet these requirements without causing the company to update its application code or adjust its website.

What should the solution architect do to accomplish this goal?

D. Store the product manual in an Amazon S3 Standard-infrequent Access (S3 Standard-IA) bucket. Redirect the downloads to this bucket.

S3 Question 33/155


A company has 700 TB of backup data stored in network attached storage (NAS) in its data center. This backup data needs to be accessible for infrequent regulatory requests and must be retained for 7 years. The company has decided to migrate this backup data from its data center to AWS. The migration must be complete within 1 month. The company has 500 Mbps of dedicated bandwidth on its public internet connection available for data transfer.

What should a solutions architect do to migrate and store the data at the LOWEST cost?

A. Order AWS Snowball devices to transfer the data. Use a lifecycle policy to transition the files to Amazon S3 Glacier Deep Archive.

S3 Question 34/155


A healthcare company stores highly sensitive patient records. Compliance requires that multiple copies be stored in different locations. Each record must be stored for 7 years. The company has a service level agreement (SLA) to provide records to government agencies immediately for the first 30 days and then within 4 hours of a request thereafter.

What should a solutions architect recommend?

A. Use Amazon S3 with cross-Region replication enabled. After 30 days, transition the data to Amazon S3 Glacier using lifecycle policy.

S3 Question 35/155


A company uses an Amazon S3 bucket to store static images for its website. The company configured permissions to allow access to Amazon S3 objects by privileged users only.

What should a solutions architect do to protect against data loss? (Choose two.)

A. Enable versioning on the S3 bucket.
E. Use MFA Delete to require multi-factor authentication to delete an object.

S3 Question 36/155


A company wants to optimize the cost of its data storage for data that is accessed quarterly. The company requires high throughput, low latency, and rapid access, when needed.

Which Amazon S3 storage class should a solutions architect recommend?

B. Amazon S3 Standard (S3 Standard)

S3 Question 37/155


A company's website hosted on Amazon EC2 instances processes classified data stored in Amazon S3. Due to security concerns, the company requires a private and secure connection between its EC2 resources and Amazon S3.

Which solution meets these requirements?

A. Set up S3 bucket policies to allow access from a VPC endpoint.
References: Amazon Simple Storage Service > User Guide > Controlling access from VPC endpoints with bucket policies

S3 Question 38/155


A recently created startup built a three–tier web application. The front end has static content. The application layer is based on microservices. User data is stored as JSON documents that need to be accessed with low latency. The company expects regular traffic to be low during the first year, with peaks in traffic when it publicizes new features every month. The startup team needs to minimize operational overhead costs.

What should a solutions architect recommend to accomplish this?

C. Use Amazon S3 static website hosting to store and serve the front end. Use Amazon API Gateway and AWS Lambda functions for the application layer. Use Amazon DynamoDB to store user data.

S3 Question 39/155



Which action will fulfill these requirements and maintain security?

B. Configure an S3 gateway endpoint.
VPC endpoints: A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

An interface endpoint is an elastic network interface with a private IP address from the IP address range of your subnet that serves as an entry point for traffic destined to a supported service. Interface endpoints are powered by AWS PrivateLink, a technology that enables you to privately access services by using private IP addresses. AWS PrivateLink restricts all network traffic between your VPC and services to the Amazon network. You do not need an internet gateway, a NAT device, or a virtual private gateway.

References:
Amazon Virtual Private Cloud > AWS PrivateLink > Endpoints for Amazon S3
Amazon Virtual Private Cloud > AWS PrivateLink > Gateway VPC endpoints

S3 Question 40/155


A media company stores video content in an Amazon Elastic Block Store (Amazon EBS) volume. A certain video file has become popular and a large number of users across the world are accessing this content.

This has resulted in a cost increase.

Which action will DECREASE cost without compromising user accessibility?

B. Store the video in an Amazon S3 bucket and create an Amazon CloudFront distribution.

S3 Question 41/155


A user is storing a large number of objects on AWS S3. The user wants to implement the search functionality among the objects. How can the user achieve this?

D. Make your own DB system which stores the S3 metadata for the search functionality.
In Amazon Web Services, AWS S3 does not provide any query facility. To retrieve a specific object, the user needs to know the exact bucket/object key. In this case, it is recommended to maintain your own DB system which manages the S3 metadata and key mapping.
References: Storage Options in the AWS Cloud

S3 Question 42/155


A solutions architect is designing a solution that requires frequent updates to a website that is hosted on Amazon S3 with versioning enabled. For compliance reasons, the older versions of the objects will not be accessed frequently and will need to be deleted after 2 years.

What should the solutions architect recommend to meet these requirements at the LOWEST cost?

B. Configure an S3 Lifecycle policy to transition older versions of objects to S3 Glacier. Expire the objects after 2 years.

S3 Question 43/155


A company runs a photo processing application that needs to frequently upload and download pictures from Amazon S3 buckets that are located in the same AWS Region.

A solutions architect has noticed an increased cost in data transfer fees and needs to implement a solution to reduce these costs.

How can the solutions architect meet this requirement?

B. Deploy a NAT gateway into a public subnet and attach an end point policy that allows access to the S3 buckets.

S3 Question 44/155


A company has three AWS accounts: Management, Development, and Production. These accounts use AWS services only in the us-east-1 Region. All accounts have a VPC with VPC Flow Logs configured to publish data to an Amazon S3 bucket in each separate account. For compliance reasons, the company needs an ongoing method to aggregate all the VPC flow logs across all accounts into one destination S3 bucket in the Management account.

What should a solutions architect do to meet these requirements with the LEAST operational overhead?

A. Add S3 Same-Region Replication rules in each S3 bucket that stores VPC flow logs to replicate objects to the destination S3 bucket. Configure the destination S3 bucket to allow objects to be received from the S3 buckets in other accounts.

S3 Question 45/155


A company needs to store data in Amazon S3. A compliance requirement states that when any changes are made to objects, the previous state of the object with any changes must be preserved. Additionally, files older than 5 years should not be accessed but need to be archived for auditing.

What should a solutions architect recommend that is MOST cost–effective?

C. Enable object-level versioning. Enable a lifecycle policy to move data older than 5 years to S3 Glacier Deep Archive.

S3 Question 46/155


A company is looking for a solution that can store video archives in AWS from old news footage. The company needs to minimize costs and will rarely need to restore these files. When the files are needed, they must be available in a maximum of five minutes.

What is the MOST cost–effective solution?

A. Store the video archives in Amazon S3 Glacier and use Expedited retrievals.

S3 Question 47/155


A company hosts more than 300 global websites and applications. The company requires a platform to analyze more than 30 TB of clickstream data each day. What should a solutions architect do to transmit and process the clickstream data?

C. Cache the data to Amazon CloudFront. Store the data in an Amazon S3 bucket. When an object is added to the S3 bucket, run an AWS Lambda function to process the data for analysis.

S3 Question 48/155


A company is hosting multiple websites for several lines of business under its registered parent domain.

Users accessing these websites will be routed to appropriate backend Amazon EC2 instances based on the subdomain. The websites host static webpages, images, and server–side scripts like PHP and JavaScript. Some of the websites experience peak access during the first two hours of business with constant usage throughout the rest of the day. A solutions architect needs to design a solution that will automatically adjust capacity to these traffic patterns while keeping costs low.

Which combination of AWS services or features will meet these requirements? (Choose two.)

C. Application Load Balancer
D. Amazon EC2 Auto Scaling
References: Amazon Simple Storage Service > User Guide > Hosting a static website using Amazon S3

S3 Question 49/155


A company has an application running on Amazon EC2 instances in a private subnet. The application needs to store and retrieve data in Amazon S3. To reduce costs, the company wants to configure its AWS resources in a cost–effective manner.

How should the company accomplish this?

B. Deploy AWS Storage Gateway to access the S3 buckets.

S3 Question 50/155


A company is building a media sharing application and decides to use Amazon S3 for storage. When a media file is uploaded, the company starts a multi–step process to create thumbnails, identify objects in the images, transcode videos into standard formats and resolutions, and extract and store the metadata to an Amazon DynamoDB table. The metadata is used for searching and navigation.

The amount of traffic is variable. The solution must be able to scale to handle spikes in load without unnecessary expenses.

What should a solutions architect recommend to support this workload?

C. Trigger an AWS Lambda function when an object is stored in the S3 bucket. Have the Lambda function start AWS Batch to perform the steps to process the object. Place the object data in the DynamoDB table when complete.

S3 Question 51/155


One of the criteria for a new deployment is that the customer wants to use AWS Storage Gateway. However, you are not sure whether you should use gateway–cached volumes or gateway–stored volumes, or even what the differences are.

Which statement below best describes those differences?

A. Gateway-cached lets you store your data in Amazon Simple Storage Service (Amazon S3) and retain a copy of frequently accessed data subsets locally. Gateway-stored enables you to configure your on-premises gateway to store all your data locally and then asynchronously back up point-in-time snapshots of this data to Amazon S3.
Volume gateways provide cloud-backed storage volumes that you can mount as Internet Small Computer System Interface (iSCSI) devices from your on-premises application servers. The gateway supports the following volume configurations:

Gateway-cached volumes: You store your data in Amazon Simple Storage Service (Amazon S3) and retain a copy of frequently accessed data subsets locally. Gateway-cached volumes offer a substantial cost savings on primary storage and minimize the need to scale your storage on-premises. You also retain low-latency access to your frequently accessed data.

Gateway-stored volumes: If you need low-latency access to your entire data set, you can configure your on-premises gateway to store all your data locally and then asynchronously back up point-in-time snapshots of this data to Amazon S3. This configuration provides durable and inexpensive off-site backups that you can recover to your local data center or Amazon EC2. For example, if you need replacement capacity for disaster recovery, you can recover the backups to Amazon EC2.

References: AWS Storage Gateway > User Guide > What is AWS Storage Gateway?

S3 Question 52/155


A company expects its user base to increase five times over one year. Its application is hosted in one region and uses an Amazon RDS for MySQL database, an Application Load Balancer, and Amazon Elastic Container Service (Amazon ECS) to host the website and its microservices.

Which design changes should a solutions architect recommend to support the expected growth? (Select TWO.)

A. Move static files from Amazon ECS to Amazon S3
E. Create RDS read replicas and change the application to use these replicas.

S3 Question 53/155


A company hosts a training site on a fleet of Amazon EC2 instances. The company anticipates that its new course, which consists of dozens of training videos on the site, will be extremely popular when it is released in 1 week.

What should a solutions architect do to minimize the anticipated server load?

C. Store the videos in an Amazon S3 bucket. Create an Amazon CloudFront distribution with an origin access identity (OAI) of that S3 bucket. Restrict Amazon S3 access to the OAI.

S3 Question 54/155


An application running on AWS generates audit logs of operational activities. Compliance requirements mandate that the application retain the logs for 5 years.

How can these requirements be met?

A. Save the logs in an Amazon S3 bucket and enable MFA Delete on the bucket.

S3 Question 55/155


A solutions architect needs to design a low–latency solution for a static single–page application accessed by users utilizing a custom domain name. The solution must be serverless, encrypted in transit, and cost–effective.

Which combination of AWS services and features should the solutions architect use? (Choose two.)

A. Amazon S3
D. Amazon CloudFront

S3 Question 56/155


A company runs an application in a branch office within a small data closet with no virtualized compute resources. The application data is stored on an NFS volume. Compliance standards require a daily offsite backup of the NFS volume.

Which solution meets these requirements?

B. Install an AWS Storage Gateway file gateway hardware appliance on premises to replicate the data to Amazon S3.
AWS Storage Gateway Hardware Appliance

Storage Gateway is available as a hardware appliance, adding to the existing support for VMware ESXi, Microsoft Hyper-V, and Amazon EC2. This means that you can now make use of Storage Gateway in situations where you do not have a virtualized environment, server-class hardware or IT staff with the specialized skills that are needed to manage them. You can order appliances from Amazon.com for delivery to branch offices, warehouses, and "outpost" offices that lack dedicated IT resources. Setup (as you will see in a minute) is quick and easy, and gives you access to three storage solutions:

File Gateway: A file interface to Amazon S3, accessible via NFS or SMB. The files are stored as S3 objects, allowing you to make use of specialized S3 features such as lifecycle management and cross region replication. You can trigger AWS Lambda functions, run Amazon Athena queries, and use Amazon Macie to discover and classify sensitive data.

Keyword: NFS + Compliance

File gateway provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3. It can be used for on-premises applications, and for Amazon EC2-resident applications that need file storage in S3 for object based workloads. Used for flat files only, stored directly on S3. File gateway offers SMB or NFS-based access to data in Amazon S3 with local caching.

[Figure: AWS Storage Gateway – File Gateway]

[Table: Storage Gateway Overview, showing the different gateways available and the interfaces and use cases]

CORRECT: "Install an AWS Storage Gateway file gateway hardware appliance on premises to replicate the data to Amazon S3" is the correct answer.
INCORRECT: "Install an AWS Storage Gateway file gateway on premises to replicate the data to Amazon S3" is incorrect.
INCORRECT: "Install an AWS Storage Gateway volume gateway with stored volumes on premises to replicate the data to Amazon S3" is incorrect as NFS is unsupported.
INCORRECT: "Install an AWS Storage Gateway volume gateway with cached volumes on premises to replicate the data to Amazon S3" is incorrect as NFS is unsupported.
References: AWS News Blog > File Interface to AWS Storage Gateway

S3 Question 57/155


A company is automating an order management application. The company's development team has decided to use SFTP to transfer and store the business–critical information files. The files must be encrypted and must be highly available. The files also must be automatically deleted a month after they are created.

Which solution meets these requirements with the LEAST operational overhead?

D. Configure an Amazon S3 bucket with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the S3 bucket. Apply S3 Lifecycle rules to automatically delete the files after a month.

S3 Question 58/155


A company sells ringtones created from clips of popular songs. The files containing the ringtones are stored in Amazon S3 Standard and are at least 123 KB in size.

The company has millions of files but downloads are infrequent for ringtones older than 90 days. The company needs to save money on storage while keeping the most accessed files readily available for its users.

Which action should the company take to meet these requirements MOST cost–effectively?

A. Configure S3 Standard-infrequent Access (S3 Standard-IA) storage for the initial storage tier of the objects

S3 Question 59/155


A solutions architect at an eCommerce company wants to back up application log data to Amazon S3. The solutions architect is unsure how frequently the logs will be accessed or which logs will be accessed the most. The company wants to keep costs as low as possible by using the appropriate S3 storage class.

Which S3 storage class should be implemented to meet these requirements?

B. S3 Intelligent-Tiering
S3 Intelligent-Tiering is a new Amazon S3 storage class designed for customers who want to optimize storage costs automatically when data access patterns change, without performance impact or operational overhead. S3 Intelligent-Tiering is the first cloud object storage class that delivers automatic cost savings by moving data between two access tiers – frequent access and infrequent access – when access patterns change, and is ideal for data with unknown or changing access patterns. S3 Intelligent-Tiering stores objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access. For a small monthly monitoring and automation fee per object, S3 Intelligent-Tiering monitors access patterns and moves objects that have not been accessed for 30 consecutive days to the infrequent access tier. There are no retrieval fees in S3 Intelligent-Tiering. If an object in the infrequent access tier is accessed later, it is automatically moved back to the frequent access tier. No additional tiering fees apply when objects are moved between access tiers within the S3 Intelligent-Tiering storage class. S3 Intelligent-Tiering is designed for 99.9% availability and 99.999999999% durability, and offers the same low latency and high throughput performance of S3 Standard.

S3 Question 60/155


A company's website provides users with downloadable historical performance reports. The website needs a solution that will scale to meet the company's website demands globally. The solution should be cost effective, limit the provisioning of infrastructure resources, and provide the fastest possible response time.

Which combination should a solutions architect recommend to meet these requirements?

A. Amazon CloudFront and Amazon S3

S3 Question 61/155


A company requires a durable backup storage solution for its on–premises database servers while ensuring on–premises applications maintain access to these backups for quick recovery. The company will use AWS storage services as the destination for these backups. A solutions architect is designing a solution with minimal operational overhead.

Which solution should the solutions architect implement?

A. Deploy an AWS Storage Gateway file gateway on-premises and associate it with an Amazon S3 bucket.
Network Load Balancer overview A Network Load Balancer functions at the fourth layer of the Open Systems Interconnection (OSI) model. It can handle millions of requests per second. After the load balancer receives a connection request, it selects a target from the target group for the default rule. It attempts to open a TCP connection to the selected target on the port specified in the listener configuration. When you enable an Availability Zone for the load balancer, Elastic Load Balancing creates a load balancer node in the Availability Zone. By default, each load balancer node distributes traffic across the registered targets in its Availability Zone only. If you enable cross-zone load balancing, each load balancer node distributes traffic across the registered targets in all enabled Availability Zones. For more information, see Availability Zones. If you enable multiple Availability Zones for your load balancer and ensure that each target group has at least one target in each enabled Availability Zone, this increases the fault tolerance of your applications. For example, if one or more target groups does not have a healthy target in an Availability Zone, we remove the IP address for the corresponding subnet from DNS, but the load balancer nodes in the other Availability Zones are still available to route traffic. If a client doesn't honor the time-to-live (TTL) and sends requests to the IP address after it is removed from DNS, the requests fail. For TCP traffic, the load balancer selects a target using a flow hash algorithm based on the protocol, source IP address, source port, destination IP address, destination port, and TCP sequence number. The TCP connections from a client have different source ports and sequence numbers, and can be routed to different targets. Each individual TCP connection is routed to a single target for the life of the connection. 
For UDP traffic, the load balancer selects a target using a flow hash algorithm based on the protocol, source IP address, source port, destination IP address, and destination port. A UDP flow has the same source and destination, so it is consistently routed to a single target throughout its lifetime. Different UDP flows have different source IP addresses and ports, so they can be routed to different targets. An Auto Scaling group contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. An Auto Scaling group also enables you to use Amazon EC2 Auto Scaling features such as health check replacements and scaling policies. Both maintaining the number of instances in an Auto Scaling group and automatic scaling are the core functionality of the Amazon EC2 Auto Scaling service. The size of an Auto Scaling group depends on the number of instances that you set as the desired capacity. You can adjust its size to meet demand, either manually or by using automatic scaling. An Auto Scaling group starts by launching enough instances to meet its desired capacity. It maintains this number of instances by performing periodic health checks on the instances in the group. The Auto Scaling group continues to maintain a fixed number of instances even if an instance becomes unhealthy. If an instance becomes unhealthy, the group terminates the unhealthy instance and launches another instance to replace it.

S3 Question 62/155


A company built a food ordering application that captures user data and stores it for future analysis. The application's static front end is deployed on an Amazon EC2 instance. The front-end application sends the requests to the backend application running on a separate EC2 instance. The backend application then stores the data in Amazon RDS.

What should a solutions architect do to decouple the architecture and make it scalable?

D. Use Amazon S3 to serve the static front-end application and send requests to Amazon API Gateway, which writes the requests to an Amazon SQS queue. Place the backend instances in an Auto Scaling group, and scale based on the queue depth to process and store the data in Amazon RDS.
Keyword: Static + Decouple + Scalable

Static = S3; Decouple = SQS queue; Scalable = ASG.

Option B is out of the race because it has no Auto Scaling. Option A is out of the race because it does not decouple. Options C and D remain in the race, and Option D is the correct answer because it matches all three (Static = S3; Decouple = SQS queue; Scalable = ASG). Option C loses because it lacks the static option.

S3 Question 63/155


A company has an application that generates a large number of files, each approximately 5 MB in size. The files are stored in Amazon S3. Company policy requires the files to be stored for 4 years before they can be deleted. Immediate accessibility is always required as the files contain critical business data that is not easy to reproduce. The files are frequently accessed in the first 30 days of the object creation but are rarely accessed after the first 30 days.

Which storage solution is MOST cost effective?

C. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation. Delete the files 4 years after the object creation.

S3 Question 64/155


A company requires that all versions of objects in its Amazon S3 bucket be retained. Current object versions will be frequently accessed during the first 30 days, after which they will be rarely accessed and must be retrievable within 5 minutes. Previous object versions need to be kept forever, will be rarely accessed, and can be retrieved within 1 week. All storage solutions must be highly available and highly durable.

What should a solutions architect recommend to meet these requirements in the MOST cost–effective manner?

A. Create an S3 lifecycle policy for the bucket that moves current object versions from S3 Standard storage to S3 Glacier after 30 days and moves previous object versions to S3 Glacier after 1 day.

S3 Question 65/155


A company has multiple AWS accounts with applications deployed in the us-west-2 Region. Application logs are stored within Amazon S3 buckets in each account. The company wants to build a centralized log analysis solution that uses a single S3 bucket. Logs must not leave us-west-2, and the company wants to incur minimal operational overhead.

Which solution meets these requirements and is MOST cost–effective?

A. Create an S3 Lifecycle policy that copies the objects from one of the application S3 buckets to the centralized S3 bucket

S3 Question 66/155


A company is designing a new application that runs in a VPC on Amazon EC2 instances. The application stores data in Amazon S3 and uses Amazon DynamoDB as its database. For compliance reasons, the company prohibits all traffic between the EC2 instances and other AWS services from passing over the public internet.

What can a solutions architect do to meet this requirement?

C. Configure a gateway VPC endpoint to Amazon S3. Configure an interface VPC endpoint to DynamoDB.

S3 Question 67/155


A company has an Amazon S3 bucket that contains mission–critical data. The company wants to ensure this data is protected from accidental deletion. The data should still be accessible, and a user should be able to delete the data intentionally.

Which combination of steps should a solutions architect take to accomplish this? (Choose two.)

A. Enable versioning on the S3 bucket.
B. Enable MFA Delete on the S3 bucket.

S3 Question 68/155


A solutions architect is designing a solution where users will be directed to a backup static error page if the primary website is unavailable. The primary website's DNS records are hosted in Amazon Route 53 where their domain is pointing to an Application Load Balancer (ALB).

Which configuration should the solutions architect use to meet the company's needs while minimizing changes and infrastructure overhead?

B. Set up a Route 53 active-passive failover configuration. Direct traffic to a static error page hosted within an Amazon S3 bucket when Route 53 health checks determine that the ALB endpoint is unhealthy.
Active-passive failover

Use an active-passive failover configuration when you want a primary resource or group of resources to be available the majority of the time and you want a secondary resource or group of resources to be on standby in case all the primary resources become unavailable. When responding to queries, Route 53 includes only the healthy primary resources. If all the primary resources are unhealthy, Route 53 begins to include only the healthy secondary resources in response to DNS queries.

To create an active-passive failover configuration with one primary record and one secondary record, you just create the records and specify Failover for the routing policy. When the primary resource is healthy, Route 53 responds to DNS queries using the primary record. When the primary resource is unhealthy, Route 53 responds to DNS queries using the secondary record.

How Amazon Route 53 averts cascading failures

As the first defense against cascading failures, each request routing algorithm (such as weighted and failover) has a mode of last resort. In this special mode, when all records are considered unhealthy, the Route 53 algorithm reverts to considering all records healthy. For example, if all instances of an application, on several hosts, are rejecting health check requests, Route 53 DNS servers will choose an answer anyway and return it rather than returning no DNS answer or returning an NXDOMAIN (non-existent domain) response. An application can respond to users but still fail health checks, so this provides some protection against misconfiguration.

Similarly, if an application is overloaded, and one out of three endpoints fails its health checks, so that it's excluded from Route 53 DNS responses, Route 53 distributes responses between the two remaining endpoints. If the remaining endpoints are unable to handle the additional load and they fail, Route 53 reverts to distributing requests to all three endpoints.

Using Amazon CloudFront as the front-end provides the option to specify a custom message instead of the default message. To specify the specific file that you want to return and the errors for which the file should be returned, you update your CloudFront distribution to specify those values. For example, the following is a customized error message:

The CloudFront distribution can use the ALB as the origin, which will cause the website content to be cached on the CloudFront edge caches. This solution represents the most operationally efficient choice as no action is required in the event of an issue, other than troubleshooting the root cause.

References: Amazon CloudFront > Developer Guide > What is Amazon CloudFront?

S3 Question 69/155


A company maintains about 300 TB in Amazon S3 Standard storage month after month. The S3 objects are each typically around 50 GB in size and are frequently replaced with multipart uploads by their global application. The number and size of S3 objects remain constant but the company's S3 storage costs are increasing each month.

How should a solutions architect reduce costs in this situation?

B. Enable an S3 Lifecycle policy that deletes incomplete multipart uploads

S3 Question 70/155


A company is building a payment application that must be highly available even during regional service disruptions. A solutions architect must design a data storage solution that can be easily replicated and used in other AWS Regions. The application also requires low-latency atomicity, consistency, isolation, and durability (ACID) transactions that need to be immediately available to generate reports. The development team also needs to use SQL.

Which data storage solution meets these requirements?

C. Amazon S3 with cross-Region replication and Amazon Athena

S3 Question 71/155


A company is moving its legacy workload to the AWS Cloud.

The workload files will be shared, appended, and frequently accessed through Amazon EC2 instances when they are first created.

The files will be accessed occasionally as they age.

What should a solutions architect recommend?

D. Store the data using Amazon S3 with an S3 lifecycle policy enabled to move data to S3 Standard-Infrequent Access (S3 Standard-IA)

S3 Question 72/155


A company has an application that scans millions of connected devices for security threats and pushes the scan logs to an Amazon S3 bucket.

A total of 70 GB of data is generated each week, and the company needs to store 3 years of data for historical reporting.

The company must process, aggregate, and enrich the data from Amazon S3 by performing complex analytical queries and joins in the least amount of time.

The aggregated dataset is visualized on an Amazon QuickSight dashboard. What should a solutions architect recommend to meet these requirements?

A. Create and run an ETL job in AWS Glue to process the data from Amazon S3 and load it into Amazon Redshift. Perform the aggregation queries on Amazon Redshift.

S3 Question 73/155


A company stores user data in AWS. The data is used continuously with peak usage during business hours. Access patterns vary, with some data not being used for months at a time. A solution architect must choose a cost–effective solution that maintains the highest level of durability while maintaining high availability.

Which storage solution meets these requirements?

B. Amazon S3 Intelligent-Tiering

S3 Question 74/155


A company runs an application using Amazon ECS. The application creates resized versions of an original image and then makes Amazon S3 API calls to store the resized images in Amazon S3. How can a solutions architect ensure that the application has permission to access Amazon S3?

B. Create an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition.

S3 Question 75/155


A solutions architect is designing the storage architecture for a new web application used for storing and viewing engineering drawings. All application components will be deployed on the AWS infrastructure.

The application design must support caching to minimize the amount of time that users wait for the engineering drawings to load. The application must be able to store petabytes of data. Which combination of storage and caching should the solutions architect use?

A. Amazon S3 with Amazon CloudFront
CloudFront for caching and S3 as the origin. Glacier is used for archiving which is not the case for this scenario.

S3 Question 76/155


A company is managing health records on–premises. The company must keep these records indefinitely, disable any modifications to the records once they are stored, and granularly audit access at all levels. The chief technology officer (CTO) is concerned because there are already millions of records not being used by any application, and the current infrastructure is running out of space. The CTO has requested a solutions architect design a solution to move existing data and support future records.

Which services can the solutions architect recommend to meet these requirements?

A. Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with data events.
Keyword: Move existing data and support future records + Granular audit access at all levels

Use AWS DataSync to migrate existing data to Amazon S3, and then use the File Gateway configuration of AWS Storage Gateway to retain access to the migrated data and for ongoing updates from your on-premises file-based applications.

Need a solution to move existing data and support future records = AWS DataSync should be used for migration.
Need granular audit access at all levels = Data Events should be used in CloudTrail; Management Events is enabled by default.

CORRECT: "Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with data events" is the correct answer.

INCORRECT: "Use AWS Storage Gateway to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with management events" is incorrect as "current infrastructure is running out of space".

INCORRECT: "Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with management events." is incorrect as "Management Events is enabled by default".

INCORRECT: "Use AWS Storage Gateway to move existing data to AWS. Use Amazon Elastic Block Store (Amazon EBS) to store existing and new data. Enable Amazon S3 object lock and enable Amazon S3 server access logging." is incorrect as "current infrastructure is running out of space".

References: AWS DataSync, AWS CloudTrail, AWS Storage Gateway

S3 Question 77/155


A company has a three–tier image–sharing application. It uses an Amazon EC2 instance for the front–end layer, another for the backend tier, and a third for the MySQL database. A solutions architect has been tasked with designing a solution that is highly available, and requires the least amount of changes to the application.

Which solution meets these requirements?

D. Use load-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end and backend layers. Move the database to an Amazon RDS instance with a Multi-AZ deployment. Use Amazon S3 to store and serve users' images.
Keyword: Highly available + Least amount of changes to the application

High Availability = Multi-AZ
Least amount of changes to the application = Elastic Beanstalk (automatically handles the deployment, from capacity provisioning, load balancing, and auto scaling to application health monitoring)

Option D is the right choice; Options A, B and C are out of the race due to cost and interoperability.

HA with Elastic Beanstalk and RDS

AWS Elastic Beanstalk

AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time. There is no additional charge for Elastic Beanstalk – you pay only for the AWS resources needed to store and run your applications.

AWS RDS

Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. Amazon RDS is available on several database instance types – optimized for memory, performance or I/O – and provides you with six familiar database engines to choose from, including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server. You can use the AWS Database Migration Service to easily migrate or replicate your existing databases to Amazon RDS.

AWS S3

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements. Amazon S3 is designed for 99.999999999% (11 9's) of durability, and stores data for millions of applications for companies all around the world.

References: AWS Elastic Beanstalk, Amazon Relational Database Service (RDS), Amazon S3

S3 Question 78/155


A company has an on–premises data center that is running out of storage capacity. The company wants to migrate its storage infrastructure to AWS while minimizing bandwidth costs. The solution must allow for immediate retrieval of data at no additional cost.

How can these requirements be met?

C. Deploy AWS Storage Gateway using stored volumes to store data locally. Use Storage Gateway to asynchronously back up point-in-time snapshots of the data to Amazon S3.
Volume Gateway provides an iSCSI target, which enables you to create block storage volumes and mount them as iSCSI devices from your on-premises or EC2 application servers. The Volume Gateway runs in either a cached or stored mode: In the cached mode, your primary data is written to S3, while retaining your frequently accessed data locally in a cache for low-latency access. In the stored mode, your primary data is stored locally and your entire dataset is available for low-latency access while asynchronously backed up to AWS.

S3 Question 79/155


A company has an on–premises application that collects data and stores it to an on–premises NFS server.

The company recently set up a 10 Gbps AWS Direct Connect connection. The company is running out of storage capacity on–premises. The company needs to migrate the application data from on–premises to the AWS Cloud while maintaining low–latency access to the data from the on–premises application.

What should a solutions architect do to meet these requirements?

A. Deploy AWS Storage Gateway for the application data, and use the file gateway to store the data in Amazon S3. Connect the on-premises application servers to the file gateway using NFS.

S3 Question 80/155


A company uses Amazon S3 to store its confidential audit documents.

The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege.

Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.

What should a solutions architect do to secure the audit documents?

A. Enable the versioning and MFA Delete features on the S3 bucket

S3 Question 81/155


A company has thousands of files stored in an Amazon S3 bucket that has a well–defined access pattern. The files are accessed by an application multiple times a day for the first 30 days. Files are rarely accessed within the next 90 days. After that, the files are never accessed again. During the first 120 days, accessing these files should never take more than a few seconds.

Which lifecycle policy should be used for the S3 objects to minimize costs based on the access pattern?

B. Use Amazon S3 Standard storage for the first 30 days. Then move the files to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) for the next 90 days. Allow the data to expire after that.
The question states that the data must be accessible within a few seconds during the 120 days.

S3 Question 82/155


A company has an application that provides marketing services to stores. The services are based on previous purchases by store customers.

The stores upload transaction data to the company through SFTP, and the data is processed and analyzed to generate new marketing offers.

Some of the files can exceed 200 GB in size.

Recently, the company discovered that some of the stores have uploaded files that contain personally identifiable information (PII) that should not have been included.

The company wants administrators to be alerted if PII is shared again. The company also wants to automate remediation.

What should a solutions architect do to meet these requirements with the LEAST development effort?

A. Use an Amazon S3 bucket as a secure transfer point. Use Amazon Inspector to scan the objects in the bucket. If objects contain PII, trigger an S3 Lifecycle policy to remove the objects that contain PII.

S3 Question 83/155


A development team needs to host a website that will be accessed by other teams. The website contents consist of HTML, CSS, client–side JavaScript, and images.

Which method is the MOST cost–effective for hosting the website?

B. Create an Amazon S3 bucket and host the website there.

S3 Question 84/155


A solutions architect is designing a solution to access a catalog of images and provide users with the ability to submit requests to customize images. Image customization parameters will be in any request sent to an AWS API Gateway API. The customized image will be generated on demand, and users will receive a link they can click to view or download their customized image. The solution must be highly available for viewing and customizing images.

What is the MOST cost–effective solution to meet these requirements?

B. Use AWS Lambda to manipulate the original image to the requested customization. Store the original and manipulated images in Amazon S3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.
AWS Lambda is a compute service that lets you run code without provisioning or managing servers. AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second. You pay only for the compute time you consume – there is no charge when your code is not running. With AWS Lambda, you can run code for virtually any type of application or backend service – all with zero administration. AWS Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring, and logging. All you need to do is supply your code in one of the languages that AWS Lambda supports.

Storing your static content with S3 provides a lot of advantages. But to help optimize your application's performance and security while effectively managing cost, we recommend that you also set up Amazon CloudFront to work with your S3 bucket to serve and protect the content. CloudFront is a content delivery network (CDN) service that delivers static and dynamic web content, video streams, and APIs around the world, securely and at scale. By design, delivering data out of CloudFront can be more cost effective than delivering it from S3 directly to your users.

CloudFront serves content through a worldwide network of data centers called Edge Locations. Using edge servers to cache and serve content improves performance by providing content closer to where viewers are located. CloudFront has edge servers in locations all around the world.

All solutions presented are highly available. The key requirement that must be satisfied is that the solution should be cost-effective and you must choose the most cost-effective option. Therefore, it's best to eliminate services such as Amazon EC2 and ELB as these require ongoing costs even when they're not used. Instead, a fully serverless solution should be used. AWS Lambda, Amazon S3 and CloudFront are the best services to use for these requirements.

CORRECT: "Use AWS Lambda to manipulate the original images to the requested customization. Store the original and manipulated images in Amazon S3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin" is the correct answer.

INCORRECT: "Use Amazon EC2 instances to manipulate the original images into the requested customization. Store the original and manipulated images in Amazon S3. Configure an Elastic Load Balancer in front of the EC2 instances" is incorrect. This is not the most cost-effective option as the ELB and EC2 instances will incur costs even when not used.

INCORRECT: "Use AWS Lambda to manipulate the original images to the requested customization. Store the original images in Amazon S3 and the manipulated images in Amazon DynamoDB. Configure an Elastic Load Balancer in front of the Amazon EC2 instances" is incorrect. This is not the most cost-effective option as the ELB will incur costs even when not used. Also, Amazon DynamoDB will incur RCU/WCUs when running and is not the best choice for storing images.

INCORRECT: "Use Amazon EC2 instances to manipulate the original images into the requested customization. Store the original images in Amazon S3 and the manipulated images in Amazon DynamoDB. Configure an Amazon CloudFront distribution with the S3 bucket as the origin" is incorrect. This is not the most cost-effective option as the EC2 instances will incur costs even when not used.

References: Serverless on AWS

S3 Question 85/155


A company sells datasets to customers who do research in artificial intelligence and machine learning (AI/ML).

The datasets are large formatted files that are stored in an Amazon S3 bucket in the us-east-1 Region.

The company hosts a web application that the customers use to purchase access to a given dataset.

The web application is deployed on multiple Amazon EC2 instances behind an Application Load Balancer.

After a purchase is made, customers receive an S3 signed URL that allows access to the files. The customers are distributed across North America and Europe.

The company wants to reduce the cost that is associated with data transfers and wants to maintain or improve performance.

What should a solutions architect do to meet these requirements?

A. Configure S3 Transfer Acceleration on the existing S3 bucket. Direct customer requests to the S3 Transfer Acceleration endpoint. Continue to use S3 signed URLs for access control.

S3 Question 86/155


A company's application hosted on Amazon EC2 instances needs to access an Amazon S3 bucket. Due to data sensitivity, traffic cannot traverse the internet.

How should a solutions architect configure access?

B. Configure a VPC gateway endpoint for Amazon S3 in the VPC.

S3 Question 87/155


Organizers for a global event want to put daily reports online as static HTML pages. The pages are expected to generate millions of views from users around the world. The files are stored in an Amazon S3 bucket. A solutions architect has been asked to design an efficient and effective solution.

Which action should the solutions architect take to accomplish this?

D. Use Amazon CloudFront with the S3 bucket as its origin.
Using Amazon S3 Origins, MediaPackage Channels, and Custom Origins for Web Distributions

Using Amazon S3 Buckets for Your Origin

When you use Amazon S3 as an origin for your distribution, you place any objects that you want CloudFront to deliver in an Amazon S3 bucket. You can use any method that is supported by Amazon S3 to get your objects into Amazon S3, for example, the Amazon S3 console or API, or a third-party tool. You can create a hierarchy in your bucket to store the objects, just as you would with any other Amazon S3 bucket. Using an existing Amazon S3 bucket as your CloudFront origin server doesn't change the bucket in any way; you can still use it as you normally would to store and access Amazon S3 objects at the standard Amazon S3 price. You incur regular Amazon S3 charges for storing the objects in the bucket.

Using Amazon S3 Buckets Configured as Website Endpoints for Your Origin

You can set up an Amazon S3 bucket that is configured as a website endpoint as custom origin with CloudFront. When you configure your CloudFront distribution, for the origin, enter the Amazon S3 static website hosting endpoint for your bucket. This value appears in the Amazon S3 console, on the Properties tab, in the Static website hosting pane. For example: http://bucket-name.s3-website-region.amazonaws.com

For more information about specifying Amazon S3 static website endpoints, see Website endpoints in the Amazon Simple Storage Service Developer Guide. When you specify the bucket name in this format as your origin, you can use Amazon S3 redirects and Amazon S3 custom error documents. For more information about Amazon S3 features, see the Amazon S3 documentation.

Using an Amazon S3 bucket as your CloudFront origin server doesn't change it in any way. You can still use it as you normally would and you incur regular Amazon S3 charges. Amazon CloudFront can be used to cache the files in edge locations around the world and this will improve the performance of the webpages.

To serve a static website hosted on Amazon S3, you can deploy a CloudFront distribution using one of these configurations:

- Using a REST API endpoint as the origin with access restricted by an origin access identity (OAI)
- Using a website endpoint as the origin with anonymous (public) access allowed
- Using a website endpoint as the origin with access restricted by a Referer header

CORRECT: "Use Amazon CloudFront with the S3 bucket as its origin" is the correct answer.

INCORRECT: "Generate presigned URLs for the files" is incorrect as this is used to restrict access which is not a requirement.

INCORRECT: "Use cross-Region replication to all Regions" is incorrect as this does not provide a mechanism for directing users to the closest copy of the static webpages.

INCORRECT: "Use the geoproximity feature of Amazon Route 53" is incorrect as this does not include a solution for having multiple copies of the data in different geographic locations.

References: How do I use CloudFront to serve a static website hosted on Amazon S3?

S3 Question 88/155


A company stores user data in AWS. The data is used continuously with peak usage during business hours. Access patterns vary, with some data not being used for months at a time. A solutions architect must choose a cost–effective solution that maintains the highest level of durability while maintaining high availability.

Which storage solution meets these requirements?

B. Amazon S3 Intelligent-Tiering

S3 Question 89/155


A company is using Amazon CloudFront with its website.

The company has enabled logging on the CloudFront distribution, and logs are saved in one of the company's Amazon S3 buckets.

The company needs to perform advanced analysis on the logs and build visualizations.

What should a solutions architect do to meet these requirements?

D. Use standard SQL queries in Amazon DynamoDB to analyze the CloudFront logs in the S3 bucket. Visualize the results with Amazon QuickSight.

S3 Question 90/155


A company wants to use high performance computing (HPC) infrastructure on AWS for financial risk modeling. The company's HPC workloads run on Linux. Each HPC workflow runs on hundreds of Amazon EC2 Spot Instances, is short–lived, and generates thousands of output files that are ultimately stored in persistent storage for analytics and long–term future use.

The company seeks a cloud storage solution that permits the copying of on–premises data to long–term persistent storage to make data available for processing by all EC2 instances. The solution should also be a high performance file system that is integrated with persistent storage to read and write datasets and output files.

Which combination of AWS services meets these requirements?

A. Amazon FSx for Lustre integrated with Amazon S3

S3 Question 91/155


A company hosts a static website on–premises and wants to migrate the website to AWS. The website should load as quickly as possible for users around the world. The company also wants the most cost–effective solution.

What should a solutions architect do to accomplish this?

B. Copy the website content to an Amazon S3 bucket. Configure the bucket to serve static webpage content. Configure Amazon CloudFront with the S3 bucket as the origin.
What Is Amazon CloudFront?
Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

Using Amazon S3 Buckets for Your Origin
When you use Amazon S3 as an origin for your distribution, you place any objects that you want CloudFront to deliver in an Amazon S3 bucket. You can use any method that is supported by Amazon S3 to get your objects into Amazon S3, for example, the Amazon S3 console or API, or a third-party tool. You can create a hierarchy in your bucket to store the objects, just as you would with any other Amazon S3 bucket. Using an existing Amazon S3 bucket as your CloudFront origin server doesn't change the bucket in any way; you can still use it as you normally would to store and access Amazon S3 objects at the standard Amazon S3 price. You incur regular Amazon S3 charges for storing the objects in the bucket.

The most cost-effective option is to migrate the website to an Amazon S3 bucket and configure that bucket for static website hosting. To enable good performance for global users the solutions architect should then configure a CloudFront distribution with the S3 bucket as the origin. This will cache the static content around the world closer to users.

CORRECT: "Copy the website content to an Amazon S3 bucket. Configure the bucket to serve static webpage content. Configure Amazon CloudFront with the S3 bucket as the origin" is the correct answer.
INCORRECT: "Copy the website content to an Amazon S3 bucket. Configure the bucket to serve static webpage content. Replicate the S3 bucket to multiple AWS Regions" is incorrect as there is no solution here for directing users to the closest region. This could be a more cost-effective (though less elegant) solution if AWS Route 53 latency records are created.
INCORRECT: "Copy the website content to an Amazon EC2 instance. Configure Amazon Route 53 geolocation routing policies to select the closest origin" is incorrect as using Amazon EC2 instances is less cost-effective compared to hosting the website on S3. Also, geolocation routing does not achieve anything with only a single record.
INCORRECT: "Copy the website content to multiple Amazon EC2 instances in multiple AWS Regions. Configure AWS Route 53 geolocation routing policies to select the closest region" is incorrect as using Amazon EC2 instances is less cost-effective compared to hosting the website on S3.
References: How do I use CloudFront to serve a static website hosted on Amazon S3?

S3 Question 92/155


A solutions architect is using Amazon S3 to design the storage architecture of a new digital media application. The media files must be resilient to the loss of an Availability Zone. Some files are accessed frequently while other files are rarely accessed in an unpredictable pattern. The solutions architect must minimize the costs of storing and retrieving the media files.

Which storage option meets these requirements?

B. S3 Intelligent-Tiering
S3 Intelligent-Tiering is a new Amazon S3 storage class designed for customers who want to optimize storage costs automatically when data access patterns change, without performance impact or operational overhead. S3 Intelligent-Tiering is the first cloud object storage class that delivers automatic cost savings by moving data between two access tiers – frequent access and infrequent access – when access patterns change, and is ideal for data with unknown or changing access patterns. S3 Intelligent-Tiering stores objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access. For a small monthly monitoring and automation fee per object, S3 Intelligent-Tiering monitors access patterns and moves objects that have not been accessed for 30 consecutive days to the infrequent access tier. There are no retrieval fees in S3 Intelligent-Tiering. If an object in the infrequent access tier is accessed later, it is automatically moved back to the frequent access tier. No additional tiering fees apply when objects are moved between access tiers within the S3 Intelligent-Tiering storage class. S3 Intelligent-Tiering is designed for 99.9% availability and 99.999999999% durability, and offers the same low latency and high throughput performance of S3 Standard.

S3 Question 93/155


A company hosts an application used to upload files to an Amazon S3 bucket. Once uploaded, the files are processed to extract metadata, which takes less than 5 seconds. The volume and frequency of the uploads varies from a few files each hour to hundreds of concurrent uploads. The company has asked a solutions architect to design a cost–effective architecture that will meet these requirements.

What should the solutions architect recommend?

B. Configure an object-created event notification within the S3 bucket to invoke an AWS Lambda function to process the files.

S3 Question 94/155


A company hosts a training site on a fleet of Amazon EC2 instances.

The company anticipates that its new course, which consists of dozens of training videos on the site, will be extremely popular when it is released in 1 week.

What should a solutions architect do to minimize the anticipated server load?

C. Store the videos in an Amazon S3 bucket. Create an Amazon CloudFront distribution with an origin access identity (OAI) of that S3 bucket. Restrict Amazon S3 access to the OAI.

S3 Question 95/155


A company wants to migrate a high performance computing (HPC) application and data from on–premises to the AWS Cloud. The company uses tiered storage on–premises with hot high–performance parallel storage to support the application during periodic runs of the application, and more economical cold storage to hold the data when the application is not actively running.

Which combination of solutions should a solutions architect recommend to support the storage needs of the application? (Choose two.)

A. Amazon S3 for cold data storage
D. Amazon FSx for Lustre for high-performance parallel storage
Amazon FSx for Lustre makes it easy and cost effective to launch and run the world's most popular high-performance file system. Use it for workloads where speed matters, such as machine learning, high performance computing (HPC), video processing, and financial modeling.

Amazon FSx for Lustre provides a high-performance file system optimized for fast processing of workloads such as machine learning, high-performance computing (HPC), video processing, financial modeling, and electronic design automation (EDA). These workloads commonly require data to be presented via a fast and scalable file system interface, and typically have data sets stored on long-term data stores like Amazon S3.

Amazon FSx works natively with Amazon S3, making it easy to access your S3 data to run data processing workloads. Your S3 objects are presented as files in your file system, and you can write your results back to S3. This lets you run data processing workloads on FSx for Lustre and store your long-term data on S3 or on-premises data stores. Therefore, the best combination for this scenario is to use S3 for cold data and FSx for Lustre for the parallel HPC job.

CORRECT: "Amazon S3 for cold data storage" is the correct answer.
CORRECT: "Amazon FSx for Lustre for high-performance parallel storage" is the correct answer.
INCORRECT: "Amazon EFS for cold data storage" is incorrect as FSx works natively with S3 which is also more economical.
INCORRECT: "Amazon S3 for high-performance parallel storage" is incorrect as S3 is not suitable for running high-performance computing jobs.
INCORRECT: "Amazon FSx for Windows for high-performance parallel storage" is incorrect as FSx for Lustre should be used for HPC use cases and use cases that require storing data on S3.
References: Amazon FSx for Lustre

S3 Question 96/155


A company wants to reduce its Amazon S3 storage costs in its production environment without impacting durability or performance of the stored objects.

What is the FIRST step the company should take to meet these objectives?

D. Migrate the objects in all S3 buckets to S3 Intelligent-Tiering

S3 Question 97/155


A photo–sharing website running on AWS allows users to generate thumbnail images of photos stored in Amazon S3. An Amazon DynamoDB table maintains the locations of photos, and thumbnails are easily re–created from the originals if they are accidentally deleted.

How should the thumbnail images be stored to ensure the LOWEST cost?


S3 Question 98/155


A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees' devices.

The files are stored in an on–premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.

Which solution will meet these requirements?

C. Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download.

S3 Question 99/155


An image hosting company uploads its large assets to Amazon S3 Standard buckets.

The company uses multipart upload in parallel by using S3 APIs and overwrites if the same object is uploaded again.

For the first 30 days after upload the objects will be accessed frequently.

The objects will be used less frequently after 30 days but the access patterns for each object will be inconsistent.

The company must optimize its S3 storage costs while maintaining high availability and resiliency of stored assets.

Which combination of actions should a solutions architect recommend to meet these requirements? (Select TWO.)

C. Configure an S3 Lifecycle policy to clean up expired object delete markers
D. Move assets to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days

S3 Question 100/155


A company is processing data on a daily basis. The results of the operations are stored in an Amazon S3 bucket, analyzed daily for one week, and then must remain immediately accessible for occasional analysis.

What is the MOST cost–effective storage solution alternative to the current configuration?

D. Configure a lifecycle policy to transition the objects to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.

S3 Question 101/155


A medical records company is hosting an application on Amazon EC2 instances. The application processes customer data files that are stored on Amazon S3. The EC2 instances are hosted in public subnets. The EC2 instances access Amazon S3 over the internet, but they do not require any other network access.

A new requirement mandates that the network traffic for file transfers take a private route and not be sent over the internet.

Which change to the network architecture should a solutions architect recommend to meet this requirement?

C. Move the EC2 instances to private subnets. Create a VPC endpoint for Amazon S3, and link the endpoint to the route table for the private subnets

S3 Question 102/155


A company is using an Amazon S3 bucket to store data uploaded by different departments from multiple locations.

During an AWS Well–Architected review the financial manager notices that 10 TB of S3 Standard storage data has been charged each month.

However, in the AWS Management Console for Amazon S3, using the command to select all files and folders shows a total size of 5 TB.

What are the possible causes for this difference? (Select TWO)

B. The S3 bucket has versioning enabled
C. There are incomplete S3 multipart uploads

S3 Question 103/155


A company processes large amounts of data. The output data is stored in Amazon S3 Standard storage in an S3 bucket, where it is analyzed for 1 month. The data must remain immediately accessible after the 1–month analysis period.

Which storage solution meets these requirements MOST cost–effectively?

B. Configure S3 Intelligent-Tiering to transition the objects to S3 Glacier after 30 days.

S3 Question 104/155


A solutions architect is designing the cloud architecture for a new application being deployed to AWS. The application allows users to interactively download and upload files. Files older than 2 years will be accessed less frequently. The solutions architect needs to ensure that the application can scale to any number of files while maintaining high availability and durability.

Which scalable solutions should the solutions architect recommend? (Choose two.)

A. Store the files on Amazon S3 with a lifecycle policy that moves objects older than 2 years to S3 Glacier.
C. Store the files on Amazon Elastic File System (Amazon EFS) with a lifecycle policy that moves objects older than 2 years to EFS Infrequent Access (EFS IA).

S3 Question 105/155


A company uses a legacy on–premises analytics application that operates on gigabytes of .csv files and represents months of data. The legacy application cannot handle the growing size of .csv files. New .csv files are added daily from various data sources to a central on–premises storage location. The company wants to continue to support the legacy application while users learn AWS analytics services. To achieve this, a solutions architect wants to maintain two synchronized copies of all the .csv files on–premises and in Amazon S3.

Which solution should the solutions architect recommend?

B. Deploy an on-premises file gateway. Configure data sources to write the .csv files to the file gateway. Point the legacy analytics application to the file gateway. The file gateway should replicate the .csv files to Amazon S3.

S3 Question 106/155


A media company is evaluating the possibility of moving its systems to the AWS Cloud. The company needs at least 10 TB of storage with the maximum possible I/O performance for video processing, 300 TB of very durable storage for storing media content, and 900 TB of storage to meet requirements for archival media that is not in use anymore.

Which set of services should a solutions architect recommend to meet these requirements?

A. Amazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

S3 Question 107/155


A solutions architect is designing a publicly accessible web application that is on an Amazon CloudFront distribution with an Amazon S3 website endpoint as the origin.

When the solution is deployed, the website returns an Error 403: Access Denied message.

Which steps should the solutions architect take to correct the issue? (Select TWO.)

A. Remove the S3 block public access option from the S3 bucket.
B. Remove the requester pays option from the S3 bucket.

S3 Question 108/155


A company wants to host a scalable web application on AWS. The application will be accessed by users from different geographic regions of the world. Application users will be able to download and upload unique data up to gigabytes in size. The development team wants a cost–effective solution to minimize upload and download latency and maximize performance.

What should a solutions architect do to accomplish this?

A. Use Amazon S3 with Transfer Acceleration to host the application.
The maximum size of a single file that can be delivered through Amazon CloudFront is 20 GB. This limit applies to all Amazon CloudFront distributions.

S3 Question 109/155


A manufacturing company wants to implement predictive maintenance on its machinery equipment. The company will install thousands of IoT sensors that will send data to AWS in real time. A solutions architect is tasked with implementing a solution that will receive events in an ordered manner for each machinery asset and ensure that data is saved for further processing at a later time.

Which solution would be MOST efficient?

A. Use Amazon Kinesis Data Streams for real-time events with a partition for each equipment asset. Use Amazon Kinesis Data Firehose to save data to Amazon S3.
Amazon SQS Introduces FIFO Queues with Exactly-Once Processing and Lower Prices for Standard Queues
You can now use Amazon Simple Queue Service (SQS) for applications that require messages to be processed in a strict sequence and exactly once using First-in, First-out (FIFO) queues. FIFO queues are designed to ensure that the order in which messages are sent and received is strictly preserved and that each message is processed exactly once.

Amazon SQS is a reliable and highly-scalable managed message queue service for storing messages in transit between application components. FIFO queues complement the existing Amazon SQS standard queues, which offer high throughput, best-effort ordering, and at-least-once delivery. FIFO queues have essentially the same features as standard queues, but provide the added benefits of supporting ordering and exactly-once processing. FIFO queues provide additional features that help prevent unintentional duplicates from being sent by message producers or from being received by message consumers. Additionally, message groups allow multiple separate ordered message streams within the same queue.

Amazon Kinesis Data Streams collect and process data in real time. A Kinesis data stream is a set of shards. Each shard has a sequence of data records. Each data record has a sequence number that is assigned by Kinesis Data Streams. A shard is a uniquely identified sequence of data records in a stream. A partition key is used to group data by shard within a stream. Kinesis Data Streams segregates the data records belonging to a stream into multiple shards. It uses the partition key that is associated with each data record to determine which shard a given data record belongs to.

For this scenario, the solutions architect can use a partition key for each device. This will ensure the records for that device are grouped by shard and the shard will ensure ordering. Amazon S3 is a valid destination for saving the data records.

CORRECT: "Use Amazon Kinesis Data Streams for real-time events with a partition key for each device. Use Amazon Kinesis Data Firehose to save data to Amazon S3" is the correct answer.
INCORRECT: "Use Amazon Kinesis Data Streams for real-time events with a shard for each device. Use Amazon Kinesis Data Firehose to save data to Amazon EBS" is incorrect as you cannot save data to EBS from Kinesis.
INCORRECT: "Use an Amazon SQS FIFO queue for real-time events with one queue for each device. Trigger an AWS Lambda function for the SQS queue to save data to Amazon EFS" is incorrect as SQS is not the most efficient service for streaming, real time data.
INCORRECT: "Use an Amazon SQS standard queue for real-time events with one queue for each device. Trigger an AWS Lambda function from the SQS queue to save data to Amazon S3" is incorrect as SQS is not the most efficient service for streaming, real time data.
References: Amazon Kinesis Data Streams > Developer Guide > Amazon Kinesis Data Streams Terminology and Concepts

S3 Question 110/155


A solutions architect is designing a system that will store personally identifiable information (PII) in an Amazon S3 bucket.

Due to compliance and regulatory requirements, both the master keys and the unencrypted data should never be sent to AWS.

Which Amazon S3 encryption technique should the architect choose?

D. Amazon S3 server-side encryption with customer-provided encryption keys (SSE-C)

S3 Question 111/155


A company has copied 1 PB of data from a colocation facility to an Amazon S3 bucket in the us-east-1 Region using an AWS Direct Connect link. The company now wants to copy the data to another S3 bucket in the us-west-2 Region. The colocation facility does not allow the use of AWS Snowball.

What should a solutions architect recommend to accomplish this?

C. Use the aws s3 sync command to copy data from the source bucket to the destination bucket.
References: How can I copy all objects from one Amazon S3 bucket to another bucket?

S3 Question 112/155


Organizers for a global event want to put daily reports online as static HTML pages. The pages are expected to generate millions of views from users around the world. The files are stored in an Amazon S3 bucket. A solutions architect has been asked to design an efficient and effective solution.

Which action should the solutions architect take to accomplish this?

D. Use Amazon CloudFront with the S3 bucket as its origin

S3 Question 113/155


A company receives data from millions of users totaling about 1 TB each day. The company provides its users with usage reports going back 12 months. All usage data must be stored for at least 5 years to comply with regulatory and auditing requirements.

Which storage solution is MOST cost–effective?

A. Store the data in Amazon S3 Standard. Set a lifecycle rule to transition the data to S3 Glacier Deep Archive after 1 year. Set a lifecycle rule to delete the data after 5 years.

S3 Question 114/155


A company is building a cloud storage and sharing application for photos.

Users can upload photos from their computers and mobile phones to be stored durably in the cloud.

After photos are uploaded, most are shared and downloaded frequently for the first 40–90 days. The photos are generally accessed less often after 90 days but some photos maintain a high access rate.

The application initially stores photos in Amazon S3 Standard.

A solutions architect needs to reduce the application's operational costs without sacrificing user experience or data durability.

Which strategy should the solutions architect use to meet these requirements MOST cost–effectively?

A. Define an S3 Lifecycle rule to transition objects to S3 Intelligent-Tiering immediately

S3 Question 115/155


A company has several Amazon EC2 instances set up in a private subnet for security reasons. These instances host applications that read and write large amounts of data to and from Amazon S3 regularly.

Currently, subnet routing directs all the traffic destined for the internet through a NAT gateway. The company wants to optimize the overall cost without impacting the ability of the application to communicate with Amazon S3 or the outside internet.

What should a solutions architect do to optimize costs?

C. Create a VPC endpoint for Amazon S3. Attach an endpoint policy to the endpoint. Update the route table to direct traffic to the VPC endpoint.

S3 Question 116/155


A web application must persist order data to Amazon S3 to support near–real–time processing. A solutions architect needs to create an architecture that is both scalable and fault tolerant.

Which solutions meet these requirements? (Select TWO)

A. Write the order event to an Amazon DynamoDB table. Use DynamoDB Streams to trigger an AWS Lambda function that parses the payload and writes the data to Amazon
B. Write the order event to an Amazon Simple Queue Service (Amazon SQS) queue. Use the queue to trigger an AWS Lambda function that parses the payload and writes the data to Amazon S3.

S3 Question 117/155


A company uses Amazon S3 as its object storage solution. The company has thousands of S3 buckets it uses to store data. Some of the S3 buckets have data that is accessed less frequently than others. A solutions architect found that lifecycle policies are not consistently implemented or are implemented partially, resulting in data being stored in high–cost storage.

Which solution will lower costs without compromising the availability of objects?

C. Use S3 Intelligent-Tiering storage.

S3 Question 118/155



What is the FASTEST way to aggregate data from all of these global sites?

B. Upload site data to an Amazon S3 bucket in the closest AWS Region. Use S3 cross-Region replication to copy objects to the destination bucket.

S3 Question 119/155


A social media company is building a feature for its website. The feature will give users the ability to upload photos. The company expects significant increases in demand during large events and must ensure that the website can handle the upload traffic from users.

Which solution meets these requirements with the MOST scalability?

C. Generate Amazon S3 presigned URLs in the application. Upload files directly from the user's browser into an S3 bucket

S3 Question 120/155


A social media company allows users to upload images to its website. The website runs on Amazon EC2 instances. During upload requests, the website resizes the images to a standard size and stores the resized images in Amazon S3. Users are experiencing slow upload requests to the website.

The company needs to reduce coupling within the application and improve website performance. A solutions architect must design the most operationally efficient process for image uploads.

Which combination of actions should the solutions architect take to meet these requirements? (Select TWO.)

D. Configure S3 Event Notifications to invoke an AWS Lambda function when an image is uploaded. Use the function to resize the image

S3 Question 121/155


A company is running an application on AWS to process weather sensor data that is stored in an Amazon S3 bucket.

Three batch jobs run hourly to process the data in the S3 bucket for different purposes.

The company wants to reduce the overall processing time by running the three applications in parallel using an event–based approach.

What should a solutions architect do to meet these requirements?

C. Enable S3 Event Notifications for new objects to separate Amazon Simple Queue Service (Amazon SQS) FIFO queues. Create an additional SQS queue for each application and subscribe each queue to the initial topic for processing

S3 Question 122/155


A company's website provides users with downloadable historical performance reports. The website needs a solution that will scale to meet the company's website demands globally. The solution should be cost effective, limit the provisioning of infrastructure resources, and provide the fastest possible response time.

Which combination should a solutions architect recommend to meet these requirements?

A. Amazon CloudFront and Amazon S3

S3 Question 123/155


A data science team requires storage for nightly log processing. The size and number of logs is unknown and will persist for 24 hours only.

What is the MOST cost–effective solution?

B. Amazon S3 Standard
The S3 Intelligent-Tiering storage class is designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. It works by storing objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access. This is an ideal use case for intelligent-tiering as the access patterns for the log files are not known.

CORRECT: "S3 Intelligent-Tiering" is the correct answer.
INCORRECT: "S3 Standard-Infrequent Access (S3 Standard-IA)" is incorrect as if the data is accessed often retrieval fees could become expensive.
INCORRECT: "S3 One Zone-Infrequent Access (S3 One Zone-IA)" is incorrect as if the data is accessed often retrieval fees could become expensive.
INCORRECT: "S3 Glacier" is incorrect as if the data is accessed often retrieval fees could become expensive. Glacier also requires more work in retrieving the data from the archive and quick access requirements can add further costs.
References: Unknown or changing access

S3 Question 124/155


You are migrating an internal server on your DC to an EC2 instance with EBS volume. Your server disk usage is around 500GB so you just copied all your data to a 2TB disk to be used with AWS Import/Export.

Where will the data be imported once it arrives at Amazon?

B. to an S3 bucket with 2 objects of 1TB
An import to Amazon EBS will have different results depending on whether the capacity of your storage device is less than or equal to 1 TB or greater than 1 TB. The maximum size of an Amazon EBS snapshot is 1 TB, so if the device image is larger than 1 TB, the image is chunked and stored on Amazon S3. The target location is determined based on the total capacity of the device, not the amount of data on the device.
References: AWS Snowball

S3 Question 125/155


A company wants to use Amazon S3 for the secondary copy of its on–premises dataset. The company would rarely need to access this copy. The storage solution's cost should be minimal.

Which storage solution meets these requirements?

D. S3 One Zone-Infrequent Access (S3 One Zone-IA)

S3 Question 126/155


A media company has an application that tracks user clicks on its websites and performs analytics to provide near–real–time recommendations. The application has a fleet of Amazon EC2 instances that receive data from the websites and send the data to an Amazon RDS DB instance. Another fleet of EC2 instances hosts the portion of the application that is continuously checking changes in the database and executing SQL queries to provide recommendations. Management has requested a redesign to decouple the infrastructure. The solution must ensure that data analysts are writing SQL to analyze the data only. No data can be lost during the deployment.

What should a solutions architect recommend?

B. Use Amazon Kinesis Data Streams to capture the data from the websites. Kinesis Data Analytics to query the data, and Kinesis Data Firehose to persist the data on Amazon S3.

S3 Question 127/155


A company plans to deploy a new application in AWS that reads and writes information to a database.

The company wants to deploy the application in two different AWS Regions with each application writing to a database in their Region.

The databases in the two Regions need to keep the data synchronized. What should be used to meet these requirements?

A. Use Amazon Athena with Amazon S3 Cross-Region Replication

S3 Question 128/155


A company has an image processing workload running on Amazon Elastic Container Service (Amazon ECS) in two private subnets. Each private subnet uses a NAT instance for internet access. All images are stored in Amazon S3 buckets. The company is concerned about the data transfer costs between Amazon ECS and Amazon S3.

What should a solutions architect do to reduce costs?

C. Configure an interface endpoint for traffic destined to Amazon S3.
S3 and DynamoDB do not support interface endpoints. Both S3 and DynamoDB are routed via a gateway endpoint. Interface endpoints only support services that are integrated with PrivateLink. References: Amazon Virtual Private Cloud > AWS PrivateLink > VPC endpoints; Amazon Virtual Private Cloud > AWS PrivateLink > AWS services that integrate with AWS PrivateLink

S3 Question 129/155


A company receives inconsistent service from its data center provider because the company is headquartered in an area affected by natural disasters. The company is not ready to fully migrate to the AWS Cloud, but it wants a failover environment on AWS in case the on-premises data center fails.

The company runs web servers that connect to external vendors. The data available on AWS and on–premises must be uniform.

Which solution should a solutions architect recommend that has the LEAST amount of downtime?

A. Configure an Amazon Route 53 failover record. Run application servers on Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group. Set up AWS Storage Gateway with stored volumes to back up data to Amazon S3.

S3 Question 130/155


A company is running a two-tier eCommerce website using services. The current architecture uses a public-facing Elastic Load Balancer that sends traffic to Amazon EC2 instances in a private subnet. The static content is hosted on EC2 instances, and the dynamic content is retrieved from a MySQL database. The application is running in the United States. The company recently started selling to users in Europe and Australia. A solutions architect needs to design a solution so their international users have an improved browsing experience.

Which solution is MOST cost–effective?

B. Use Amazon CloudFront and Amazon S3 to host static images.

S3 Question 131/155


A company is designing a website that uses an Amazon S3 bucket to store static images. The company wants all future requests to have faster response times while reducing both latency and cost.

Which service configuration should a solutions architect recommend?

B. Deploy Amazon CloudFront in front of Amazon S3.

S3 Question 132/155


A company wants to migrate its 1PB on–premises image repository to AWS.

The images will be used by a serverless web application. Images stored in the repository are rarely accessed, but they must be immediately available. Additionally, the images must be encrypted at rest and protected from accidental deletion.

Which solution meets these requirements?

B. Store the images in an Amazon S3 bucket in the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Enable versioning, default encryption, and MFA Delete on the S3 bucket.

S3 Question 133/155


A company has thousands of edge devices that collectively generate 1 TB of status alerts each day. Each alert is approximately 2 KB in size. A solutions architect needs to implement a solution to ingest and store the alerts for future analysis.

The company wants a highly available solution. However, the company needs to minimize costs and does not want to manage additional infrastructure. Additionally, the company wants to keep 14 days of data available for immediate analysis and archive any data older than 14 days.

What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts. Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon S3 bucket. Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days.

S3 Question 134/155


A company has enabled AWS CloudTrail logs to deliver log files to an Amazon S3 bucket for each of its developer accounts. The company has created a central AWS account for streamlining management and audit reviews. An internal auditor needs to access the CloudTrail logs, yet access needs to be restricted for all developer account users. The solution must be secure and optimized.

How should a solutions architect meet these requirements?

C. Configure CloudTrail from each developer account to deliver the log files to an S3 bucket in the central account. Create an IAM role in the central account for the auditor. Attach an IAM policy providing read-only permissions to the bucket.

S3 Question 135/155


An application is running on Amazon EC2 instances. Sensitive information required for the application is stored in an Amazon S3 bucket. The bucket needs to be protected from internet access while only allowing services within the VPC access to the bucket.

Which combination of actions should a solutions architect take to accomplish this? (Choose two.)

A. Create a VPC endpoint for Amazon S3.
C. Apply a bucket policy to restrict access to the S3 endpoint.
An ACL is a property at the object level, not at the bucket level. Also, by just adding an ACL you can't let the services in the VPC access the bucket.

S3 Question 136/155


A company needs to store data for 6 years. The company will need to have immediate and highly available access to the data at any point in time, but will not require frequent access.

What lifecycle action should be taken to meet these requirements while reducing costs?

A. Transition objects from Amazon S3 Standard to Amazon S3 Standard-Infrequent Access (S3 Standard-IA).

S3 Question 137/155


A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.

What should a solutions architect do to secure the audit documents?

A. Enable the versioning and MFA Delete features on the S3 bucket

S3 Question 138/155


A company has an application that generates a large number of files, each approximately 5 MB in size. The files are stored in Amazon S3. Company policy requires the files to be stored for 4 years before they can be deleted. Immediate accessibility is always required as the files contain critical business data that is not easy to reproduce. The files are frequently accessed in the first 30 days of the object creation but are rarely accessed after the first 30 days.

Which storage solution is MOST cost–effective?

C. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation. Delete the files 4 years after object creation.

S3 Question 139/155


A solutions architect is tasked with transferring 750 TB of data from a network-attached file system located at a branch office to Amazon S3 Glacier. The solution must avoid saturating the branch office's low-bandwidth internet connection.

What is the MOST cost–effective solution?

D. Order 10 AWS Snowball appliances and select an Amazon S3 bucket as the destination. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier.
Regional Limitations for AWS Snowball

The AWS Snowball service has two device types, the standard Snowball and the Snowball Edge. The following table highlights which of these devices are available in which regions.

Limitations on Jobs in AWS Snowball

The following limitations exist for creating jobs in AWS Snowball:

- For security purposes, data transfers must be completed within 90 days of the Snowball being prepared.
- Currently, AWS Snowball Edge device doesn't support server-side encryption with customer-provided keys (SSE-C). AWS Snowball Edge device does support server-side encryption with Amazon S3-managed encryption keys (SSE-S3) and server-side encryption with AWS Key Management Service-managed keys (SSE-KMS). For more information, see Protecting Data Using Server-Side Encryption in the Amazon Simple Storage Service Developer Guide.
- In the US regions, Snowballs come in two sizes: 50 TB and 80 TB. All other regions have the 80 TB Snowballs only.
- If you're using Snowball to import data, and you need to transfer more data than will fit on a single Snowball, create additional jobs. Each export job can use multiple Snowballs.
- The default service limit for the number of Snowballs you can have at one time is 1. If you want to increase your service limit, contact AWS Support.
- All objects transferred to the Snowball have their metadata changed. The only metadata that remains the same is filename and filesize. All other metadata is set as in the following example: -rw-rw-r-- 1 root root [filesize] Dec 31 1969 [path/filename].

Object lifecycle management

To manage your objects so that they are stored cost effectively throughout their lifecycle, configure their Amazon S3 Lifecycle. An S3 Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects. There are two types of actions:

- Transition actions: Define when objects transition to another storage class. For example, you might choose to transition objects to the S3 Standard-IA storage class 30 days after you created them, or archive objects to the S3 Glacier storage class one year after creating them.
- Expiration actions: Define when objects expire. Amazon S3 deletes expired objects on your behalf. The lifecycle expiration costs depend on when you choose to expire objects.

As the company's internet link is low-bandwidth, uploading directly to Amazon S3 (ready for transition to Glacier) would saturate the link. The best alternative is to use AWS Snowball appliances. The Snowball Edge appliance can hold up to 75 TB of data so 10 devices would be required to migrate 750 TB of data. Snowball moves data into AWS using a hardware device and the data is then copied into an Amazon S3 bucket of your choice. From there, lifecycle policies can transition the S3 objects to Amazon S3 Glacier.

CORRECT: "Order 10 AWS Snowball appliances and select an Amazon S3 bucket as the destination. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier" is the correct answer.

INCORRECT: "Order 10 AWS Snowball appliances and select an S3 Glacier vault as the destination. Create a bucket policy to enforce a VPC endpoint" is incorrect as you cannot set a Glacier vault as the destination, it must be an S3 bucket. You also can't enforce a VPC endpoint using a bucket policy.

INCORRECT: "Create an AWS Direct Connect connection and migrate the data straight into Amazon Glacier" is incorrect as this is not the most cost-effective option and takes time to setup.

INCORRECT: "Use AWS Global Accelerator to accelerate upload and optimize usage of the available bandwidth" is incorrect as this service is not used for accelerating or optimizing the upload of data from on-premises networks.

References: AWS Snowball Edge Developer Guide > AWS Snowball Edge Specifications

S3 Question 140/155


A company is planning to migrate a business-critical dataset to Amazon S3. The current solution design uses a single S3 bucket in the us-east-1 Region with versioning enabled to store the dataset. The company's disaster recovery policy states that all data multiple AWS Regions.

How should a solutions architect design the S3 solution?

C. Create an additional S3 bucket with versioning in another Region and configure cross-Region replication.
Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can copy objects between different AWS Regions or within the same Region. Both source and destination buckets must have versioning enabled.

CORRECT: "Create an additional S3 bucket with versioning in another Region and configure cross-Region replication" is the correct answer.

INCORRECT: "Create an additional S3 bucket in another Region and configure cross-Region replication" is incorrect as the destination bucket must also have versioning enabled.

INCORRECT: "Create an additional S3 bucket in another Region and configure cross-origin resource sharing (CORS)" is incorrect as CORS is not related to replication.

INCORRECT: "Create an additional S3 bucket with versioning in another Region and configure cross-origin resource sharing (CORS)" is incorrect as CORS is not related to replication.

References: Amazon Simple Storage Service > User Guide > Replicating objects

S3 Question 141/155


A company stores call recordings on a monthly basis. Statistically, the recorded data may be referenced randomly within a year but accessed rarely after 1 year.

Files that are newer than 1 year old must be queried and retrieved as quickly as possible.

A delay in retrieving older files is acceptable. A solutions architect needs to store the recorded data at a minimal cost.

Which solution is MOST cost–effective?

B. Store individual files in Amazon S3. Use lifecycle policies to move the files to Amazon S3 Glacier after 1 year. Query and retrieve the files from Amazon S3 or S3 Glacier.

S3 Question 142/155


A company wants to monitor its AWS costs for financial review. The cloud operations team is designing an architecture in the AWS Organizations master account to query AWS Cost and Usage Reports for all member accounts.

The team must run this query once a month and provide a detailed analysis of the bill.

Which solution is the MOST scalable and cost–effective way to meet these requirements?

B. Enable Cost and Usage Reports in the master account. Deliver the reports to Amazon S3. Use Amazon Athena for analysis.

S3 Question 143/155


A company hosts historical weather records in Amazon S3. The records are downloaded from the company's website by way of a URL that resolves to a domain name. Users all over the world access this content through subscriptions. A third-party provider hosts the company's root domain name, but the company recently migrated some of its services to Amazon Route 53. The company wants to consolidate contracts, reduce latency for users, and reduce costs related to serving the application to subscribers.

Which solution meets these requirements?

B. Create a web distribution on Amazon CloudFront to serve the S3 content for the application. Create an ALIAS record in the Amazon Route 53 hosted zone that points to the CloudFront distribution, resolving to the application's URL domain name.

S3 Question 144/155


A media company is evaluating the possibility of moving its systems to the AWS Cloud. The company needs at least 10 TB of storage with the maximum possible I/O performance for video processing, 300 TB of very durable storage for storing media content, and 900 TB of storage to meet requirements for archival media that is not in use anymore.

Which set of services should a solutions architect recommend to meet these requirements?

A. Amazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

S3 Question 145/155


The financial application at a company stores monthly reports in an Amazon S3 bucket. The vice president of finance has mandated that all access to these reports be logged and that any modifications to the log files be detected.

Which actions can a solutions architect take to meet these requirements?

C. Use AWS CloudTrail to create a new trail. Configure the trail to log read and write data events on the S3 bucket that houses the reports. Log these events to a new bucket, and enable log file validation.
References: Amazon Simple Storage Service > User Guide > Enabling CloudTrail event logging for S3 buckets and objects

S3 Question 146/155


A company is using Amazon S3 as its local repository for weekly analysis reports. One of the company-wide requirements is to secure data at rest using encryption. The company chooses Amazon S3 server-side encryption (SSE).

How can the object be decrypted when a GET request is issued?

D. Amazon S3 provides a server-side key for decrypting the object

S3 Question 147/155


A company is implementing a data lake solution on Amazon S3. Its security policy mandates that the data stored in Amazon S3 should be encrypted at rest.

Which options can achieve this? (Select TWO.)

B. Use S3 server-side encryption with customer-provided keys (SSE-C).
D. Use client-side encryption before ingesting the data to Amazon S3 using encryption keys.

S3 Question 148/155


A company needs to retain application log files for a critical application for 10 years. The application team regularly accesses logs from the past month for troubleshooting, but logs older than 1 month are rarely accessed. The application generates more than 10 TB of logs per month.

Which storage option meets these requirements MOST cost–effectively?

B. Store the logs in Amazon S3. Use S3 Lifecycle policies to move logs more than 1 month old to S3 Glacier Deep Archive.

S3 Question 149/155


A company stores call recordings on a monthly basis. Statistically, the recorded data may be referenced randomly within a year but accessed rarely after 1 year. Files that are newer than 1 year old must be queried and retrieved as quickly as possible. A delay in retrieving older files is acceptable. A solutions architect needs to store the recorded data at a minimal cost.

Which solution is MOST cost–effective?

B. Store individual files in Amazon S3. Use lifecycle policies to move the files to Amazon S3 Glacier after 1 year. Query and retrieve the files from Amazon S3 or S3 Glacier.

S3 Question 150/155


A company has thousands of edge devices that collectively generate 1 TB of status alerts each day. Each alert is approximately 2 KB in size. A solutions architect needs to implement a solution to ingest and store the alerts for future analysis.

The company wants a highly available solution. However, the company needs to minimize costs and does not want to manage additional infrastructure. Additionally, the company wants to keep 14 days of data available for immediate analysis and archive any data older than 14 days.

What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts. Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon S3 bucket. Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days.

S3 Question 151/155


A company runs an application on a group of Amazon Linux EC2 instances. The application writes log files using standard API calls. For compliance reasons, all log files must be retained indefinitely and will be analyzed by a reporting tool that must access all files concurrently.

Which storage service should a solutions architect use to provide the MOST cost–effective solution?

D. Amazon S3
Amazon S3: Requests to Amazon S3 can be authenticated or anonymous. Authenticated access requires credentials that AWS can use to authenticate your requests. When making REST API calls directly from your code, you create a signature using valid credentials and include the signature in your request.

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements. Amazon S3 is designed for 99.999999999% (11 9's) of durability, and stores data for millions of applications for companies all around the world.

The application is writing the files using API calls which means it will be compatible with Amazon S3 which uses a REST API. S3 is a massively scalable key-based object store that is well-suited to allowing concurrent access to the files from many instances. Amazon S3 will also be the most cost-effective choice. A rough calculation using the AWS pricing calculator shows the cost differences between 1TB of storage on EBS, EFS, and S3 Standard.

CORRECT: "Amazon S3" is the correct answer.

INCORRECT: "Amazon EFS" is incorrect as though this does offer concurrent access from many EC2 Linux instances, it is not the most cost-effective solution.

INCORRECT: "Amazon EBS" is incorrect. The Elastic Block Store (EBS) is not a good solution for concurrent access from many EC2 instances and is not the most cost-effective option either. EBS volumes are mounted to a single instance except when using multi-attach which is a new feature and has several constraints.

INCORRECT: "Amazon EC2 instance store" is incorrect as this is an ephemeral storage solution which means the data is lost when powered down. Therefore, this is not an option for long-term data storage.

References: Amazon Simple Storage Service > User Guide > Best practices design patterns: optimizing Amazon S3 performance

S3 Question 152/155


A company runs a website on Amazon EC2 instances behind an ELB Application Load Balancer. Amazon Route 53 is used for the DNS. The company wants to set up a backup website with a message including a phone number and email address that users can reach if the primary website is down.

How should the company deploy this solution?

A. Use Amazon S3 website hosting for the backup website and Route 53 failover routing policy.

S3 Question 153/155


A company has multiple AWS accounts for various departments. One of the departments wants to share an Amazon S3 bucket with all other departments.

Which solution will require the LEAST amount of effort?

C. Set the S3 bucket policy to allow cross-account access to other departments.
S3 Standard is the best choice in this scenario for a short-term storage solution. In this case the size and number of logs is unknown and it would be difficult to fully assess the access patterns at this stage. Therefore, using S3 Standard is best as it is cost-effective, provides immediate access, and there are no retrieval fees or minimum capacity charge per object.

CORRECT: "Amazon S3 Standard" is the correct answer.

INCORRECT: "Amazon S3 Intelligent-Tiering" is incorrect as there is an additional fee for using this service and for a short-term requirement it may not be beneficial.

INCORRECT: "Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)" is incorrect as this storage class has a minimum capacity charge per object (128 KB) and a per GB retrieval fee.

INCORRECT: "Amazon S3 Glacier Deep Archive" is incorrect as this storage class is used for archiving data. There are retrieval fees and it takes hours to retrieve data from an archive.

References: Amazon S3 Storage Classes

S3 Question 154/155


A company has NFS servers in an on–premises data center that need to periodically back up small amounts of data to Amazon S3.

Which solution meets these requirements and is MOST cost–effective?

C. Set up an SFTP sync using AWS Transfer for SFTP to sync data from on-premises to Amazon S3.

S3 Question 155/155


A company runs a photo processing application that needs to frequently upload and download pictures from Amazon S3 buckets that are located in the same AWS Region. A solutions architect has noticed an increased cost in data transfer fees and needs to implement a solution to reduce these costs.

How can the solutions architect meet this requirement?

C. Deploy the application into a public subnet and allow it to route through an internet gateway to access the S3 buckets

EC2

- 90 Questions

EC2 Question 1/90


A medical records company is hosting an application on Amazon EC2 instances. The application processes customer data files that are stored on Amazon S3. The EC2 instances are hosted in public subnets. The EC2 instances access Amazon S3 over the internet, but they do not require any other network access.

A new requirement mandates that the network traffic for file transfers take a private route and not be sent over the internet.

Which change to the network architecture should a solutions architect recommend to meet this requirement?

C. Move the EC2 instances to private subnets. Create a VPC endpoint for Amazon S3, and link the endpoint to the route table for the private subnets

EC2 Question 2/90


A company is designing an internet-facing web application. The application runs on Amazon EC2 for Linux-based instances that store sensitive user data in Amazon RDS MySQL Multi-AZ DB instances.

The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web–based attacks.

What should a solutions architect recommend?

D. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Configure the Auto Scaling group to automatically create new DB instances under heavy traffic. Create a security group for the RDS DB instances. Configure the RDS security group to only allow port 3306 inbound.

EC2 Question 3/90


A solutions architect is designing an architecture to run a third–party database server. The database software is memory intensive and has a CPU–based licensing model where the cost increases with the number of vCPU cores within the operating system. The solutions architect must select an Amazon EC2 instance with sufficient memory to run the database software, but the selected instance has a large number of vCPUs. The solutions architect must ensure that the vCPUs will not be underutilized and must minimize costs.

Which solution meets these requirements?

A. Select and launch a smaller EC2 instance with an appropriate number of vCPUs.

EC2 Question 4/90


A solutions architect has created two IAM policies: Policy1 and Policy2. Both policies are attached to an IAM group.

A cloud engineer is added as an IAM user to the IAM group. Which action will the cloud engineer be able to perform?

C. Deleting Amazon EC2 instances

EC2 Question 5/90


A solutions architect is designing a shared storage solution for an Auto Scaling web application. The company anticipates making frequent changes to the content, so the solution must have strong consistency.

Which solution requires the LEAST amount of effort?

B. Create an Amazon Elastic File System (Amazon EFS) file system and mount it on the individual Amazon EC2 instance.

EC2 Question 6/90


A company receives inconsistent service from its data center provider because the company is headquartered in an area affected by natural disasters. The company is not ready to fully migrate to the AWS Cloud, but it wants a failover environment on AWS in case the on-premises data center fails.

The company runs web servers that connect to external vendors. The data available on AWS and on–premises must be uniform.

Which solution should a solutions architect recommend that has the LEAST amount of downtime?

A. Configure an Amazon Route 53 failover record. Run application servers on Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group. Set up AWS Storage Gateway with stored volumes to back up data to Amazon S3.

EC2 Question 7/90


A three–tier web application processes orders from customers. The web tier consists of Amazon EC2 instances behind an Application Load Balancer, a middle tier of three EC2 instances decoupled from the web tier using Amazon SQS, and an Amazon DynamoDB backend. At peak times, customers who submit orders using the site have to wait much longer than normal to receive confirmations due to lengthy processing times. A solutions architect needs to reduce these processing times.

Which action will be MOST effective in accomplishing this?

D. Use Amazon EC2 Auto Scaling to scale out the middle tier instances based on the SQS queue depth.

EC2 Question 8/90


A company is planning to build a new web application on AWS. The company expects predictable traffic most of the year and very high traffic on occasion. The web application needs to be highly available and fault tolerant with minimal latency.

What should a solutions architect recommend to meet these requirements?

B. Use Amazon EC2 instances in an Auto Scaling group with an Application Load Balancer across multiple Availability Zones.

EC2 Question 9/90


A company is building an application on Amazon EC2 instances that generates temporary transactional data. The application requires access to data storage that can provide configurable and consistent IOPS.

What should a solutions architect recommend?

C. Provision an EC2 instance with a General Purpose SSD (gp2) root volume and Provisioned IOPS SSD (io1) data volume.

EC2 Question 10/90


A company is deploying an application that processes large quantities of data in parallel. The company plans to use Amazon EC2 instances for the workload.

The network architecture must be configurable to provide the lowest possible latency between nodes.

Which combination of network solutions will meet these requirements? (Select TWO)

C. Place the EC2 instances in a single Availability Zone
E. Run the EC2 instances in a cluster placement group

EC2 Question 11/90


A company has a two–tier application architecture that runs in public and private subnets. Amazon EC2 instances running the web application are in the public subnet and a database runs on the private subnet.

The web application instances and the database are running in a single Availability Zone (AZ).

Which combination of steps should a solutions architect take to provide high availability for this architecture? (Choose two.)


B. Create an Amazon EC2 Auto Scaling group and Application Load Balancer spanning multiple AZs.
E. Create new public and private subnets in the same VPC, each in a new AZ. Migrate the database to an Amazon RDS multi-AZ deployment.
You would want the EC2 instances to have high availability by placing them in multiple AZs.

EC2 Question 12/90


An Amazon EC2 administrator created the following policy associated with an IAM group containing several users:


What is the effect of this policy?


C. Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.
What the policy means: 1. Allow termination of any instance if the user's source IP address is 10.100.100.254. 2. Deny termination of instances that are not in the us-east-1 Region. Combining these two, you get: "Allow instance termination in the us-east-1 region if the user's source IP address is 10.100.100.254. Deny termination operation on other regions."

EC2 Question 13/90


A company operates a website on Amazon EC2 Linux instances. Some of the instances are failing. Troubleshooting points to insufficient swap space on the failed instances. The operations team lead needs a solution to monitor this.

What should a solutions architect recommend?


A. Configure an Amazon CloudWatch SwapUsage metric dimension. Monitor the SwapUsage dimension in the EC2 metrics in CloudWatch.

EC2 Question 14/90


A company has hired a solutions architect to design a reliable architecture for its application.

The application consists of one Amazon RDS DB instance and two manually provisioned Amazon EC2 instances that run web servers.

The EC2 instances are located in a single Availability Zone.

An employee recently deleted the DB instance and the application was unavailable for 24 hours as a result.

The company is concerned with the overall reliability of its environment.

What should the solutions architect do to maximize reliability of the application's infrastructure?


B. Update the DB instance to be Multi-AZ and enable deletion protection. Place the EC2 instances behind an Application Load Balancer and run them in an EC2 Auto Scaling group across multiple Availability Zones.

EC2 Question 15/90


A company hosts its website on AWS. To address the highly variable demand, the company has implemented Amazon EC2 Auto Scaling.

Management is concerned that the company is over–provisioning its infrastructure, especially at the front end of the three–tier application. A solutions architect needs to ensure costs are optimized without impacting performance.

What should the solutions architect do to accomplish this?


D. Use Auto Scaling with a target tracking scaling policy. References: Amazon EC2 Auto Scaling > User Guide > Target tracking scaling policies for Amazon EC2 Auto Scaling

EC2 Question 16/90


A company hosts its multi–tier public web application in the AWS Cloud. The web application runs on Amazon EC2 instances and its database runs on Amazon RDS. The company is anticipating a large increase in sales during an upcoming holiday weekend. A solutions architect needs to build a solution to analyze the performance of the web application with a granularity of no more than 2 minutes.

What should the solutions architect do to meet this requirement?


B. Enable detailed monitoring on all EC2 instances. Use Amazon CloudWatch metrics to perform further analysis.

EC2 Question 17/90


A solutions architect is using an AWS CloudFormation template to deploy a three–tier web application. The web application consists of a web tier and an application tier that stores and retrieves user data in Amazon DynamoDB tables. The web and application tiers are hosted on Amazon EC2 instances, and the database tier is not publicly accessible. The application EC2 instances need to access the DynamoDB tables without exposing API credentials in the template.

What should the solutions architect do to meet these requirements?


B. Create an IAM role that has the required permissions to read and write from the DynamoDB tables. Add the role to the EC2 instance profile and associate the instance profile with the application instances.

EC2 Question 18/90


A company hosts its multi–tier public web application in the AWS Cloud. The web application runs on Amazon EC2 instances and its database runs on Amazon RDS. The company is anticipating a large increase in sales during an upcoming holiday weekend. A solutions architect needs to build a solution to analyze the performance of the web application with a granularity of no more than 2 minutes.

What should the solutions architect do to meet this requirement?


B. Enable detailed monitoring on all EC2 instances. Use Amazon CloudWatch metrics to perform further analysis.

EC2 Question 19/90


A company has a highly dynamic batch processing job that uses many Amazon EC2 instances to complete it. The job is stateless in nature, can be started and stopped at any given time with no negative impact, and typically takes upwards of 60 minutes total to complete. The company has asked a solutions architect to design a scalable and cost–effective solution that meets the requirements of the job.

What should the solutions architect recommend?


A. Implement EC2 Spot Instances.

EC2 Question 20/90


A company is launching an eCommerce website on AWS. This website is built with a three–tier architecture that includes a MySQL database in a Multi–AZ deployment of Amazon Aurora MySQL. The website application must be highly available and will initially be launched in an AWS Region with three Availability Zones. The application produces a metric that describes the load the application experiences.

Which solution meets these requirements?


B. Configure an Application Load Balancer (ALB) and Amazon EC2 Auto Scaling behind the ALB with a simple scaling policy.

EC2 Question 21/90


A solutions architect needs to design a highly available application consisting of web, application, and database tiers. HTTPS content delivery should be as close to the edge as possible, with the least delivery time.

Which solution meets these requirements and is MOST secure?


B. Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in private subnets. Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.

EC2 Question 22/90


A company runs multiple Amazon EC2 Linux instances in a VPC with applications that use a hierarchical directory structure. The applications need to rapidly and concurrently read and write to shared storage.

How can this be achieved?


A. Create an Amazon EFS file system and mount it from each EC2 instance.

EC2 Question 23/90


A company runs its two–tier eCommerce website on AWS. The web tier consists of a load balancer that sends traffic to Amazon EC2 instances. The database tier uses an Amazon RDS DB instance. The EC2 instances and the RDS DB instance should not be exposed to the public internet. The EC2 instances require internet access to complete payment processing of orders through a third–party web service. The application must be highly available.

Which combination of configuration options will meet these requirements? (Choose two.)


A. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets.
B. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets.

EC2 Question 24/90


A company currently has 250 TB of backup files stored in Amazon S3 in a vendor's proprietary format.

Using a Linux–based software application provided by the vendor, the company wants to retrieve files from Amazon S3, transform the files to an industry–standard format, and re–upload them to Amazon S3. The company wants to minimize the data transfer charges associated with this conversion.

What should a solutions architect do to accomplish this?


D. Launch an Amazon EC2 instance in the same Region as Amazon S3 and install the conversion software onto the instance. Perform the transformation and re-upload the files to Amazon S3 from the EC2 instance.

EC2 Question 25/90


A start–up company has a web application based in the us–east–1 Region with multiple Amazon EC2 instances running behind an Application Load Balancer across multiple Availability Zones. As the company's user base grows in the us–west–1 Region, it needs a solution with low latency and high availability.

What should a solutions architect do to accomplish this?


C. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load balancer endpoints in both Regions.
ELB provides load balancing within one Region, AWS Global Accelerator provides traffic management across multiple Regions […] AWS Global Accelerator complements ELB by extending these capabilities beyond a single AWS Region, allowing you to provision a global interface for your applications in any number of Regions. If you have workloads that cater to a global client base, we recommend that you use AWS Global Accelerator. If you have workloads hosted in a single AWS Region and used by clients in and around the same Region, you can use an Application Load Balancer or Network Load Balancer to manage your resources. References: AWS Global Accelerator FAQs

EC2 Question 26/90


An eCommerce company is creating an application that requires a connection to a third–party payment service to process payments. The payment service needs to explicitly allow the public IP address of the server that is making the payment request. However, the company's security policies do not allow any server to be exposed directly to the public internet.

Which solution will meet these requirements?


B. Create a NAT gateway in a public subnet. Host the application servers on Amazon EC2 instances in a private subnet. Route payment requests through the NAT gateway.

EC2 Question 27/90


A three–tier web application processes orders from customers. The web tier consists of Amazon EC2 instances behind an Application Load Balancer, a middle tier of three EC2 instances decoupled from the web tier using Amazon SQS, and an Amazon DynamoDB backend. At peak times, customers who submit orders using the site have to wait much longer than normal to receive confirmations due to lengthy processing times. A solutions architect needs to reduce these processing times.

Which action will be MOST effective in accomplishing this?


D. Use Amazon EC2 Auto Scaling to scale out the middle tier instances based on the SQS queue depth.

EC2 Question 28/90


A solutions architect is designing a high performance computing (HPC) workload on Amazon EC2. The EC2 instances need to communicate to each other frequently and require network performance with low latency and high throughput.

Which EC2 configuration meets these requirements?


A. Launch the EC2 instances in a cluster placement group in one Availability Zone.
When you launch a new EC2 instance, the EC2 service attempts to place the instance in such a way that all of your instances are spread out across underlying hardware to minimize correlated failures. You can use placement groups to influence the placement of a group of interdependent instances to meet the needs of your workload. Depending on the type of workload, you can create a placement group using one of the following placement strategies:

- Cluster: packs instances close together inside an Availability Zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly-coupled node-to-node communication that is typical of HPC applications.
- Partition: spreads your instances across logical partitions such that groups of instances in one partition do not share the underlying hardware with groups of instances in different partitions. This strategy is typically used by large distributed and replicated workloads, such as Hadoop, Cassandra, and Kafka.
- Spread: strictly places a small group of instances across distinct underlying hardware to reduce correlated failures.

For this scenario, a cluster placement group should be used as this is the best option for providing low-latency network performance for an HPC application.

CORRECT: "Launch the EC2 instances in a cluster placement group in one Availability Zone" is the correct answer.
INCORRECT: "Launch the EC2 instances in a spread placement group in one Availability Zone" is incorrect as the spread placement group is used to spread instances across distinct underlying hardware.
INCORRECT: "Launch the EC2 instances in an Auto Scaling group in two Regions. Place a Network Load Balancer in front of the instances" is incorrect as this does not achieve the stated requirement to provide low-latency, high throughput network performance between instances. Also, you cannot use an ELB across Regions.
INCORRECT: "Launch the EC2 instances in an Auto Scaling group spanning multiple Availability Zones" is incorrect as this does not reduce network latency or improve performance.

References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Placement groups

EC2 Question 29/90


A company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. On the first day of every month at midnight, the application becomes much slower when the month–end financial calculation batch executes. This causes the CPU utilization of the EC2 instances to immediately peak to 100%, which disrupts the application.

What should a solutions architect recommend to ensure the application is able to handle the workload and avoid downtime?


C. Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule.

EC2 Question 30/90


A company operates a website on Amazon EC2 Linux instances. Some of the instances are failing.

Troubleshooting points to insufficient swap space on the failed instances. The operations team lead needs a solution to monitor this.

What should a solutions architect recommend?


C. Install an Amazon CloudWatch agent on the instances. Run an appropriate script on a set schedule. Monitor SwapUtilization metrics in CloudWatch. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Monitor memory and disk metrics for Amazon EC2 Linux instances

EC2 Question 31/90


A company is running a three–tier web application to process credit card payments. The front–end user interface consists of static webpages. The application tier can have long–running processes. The database tier uses MySQL.

The application is currently running on a single, general–purpose large Amazon EC2 instance. A solutions architect needs to decouple the services to make the web application highly available.

Which solution would provide the HIGHEST availability?


B. Move static assets and the application into a medium EC2 instance. Leave the database on the large instance. Place both instances in an Auto Scaling group.

EC2 Question 32/90


A company wants to run a static website served through Amazon CloudFront.

What is an advantage of storing the website content in an Amazon S3 bucket instead of an Amazon Elastic Block Store (Amazon EBS) volume?


B. S3 is an origin for CloudFront. EBS volumes would need EC2 instances behind an Elastic Load Balancing load balancer to be an origin

EC2 Question 33/90


A company is building a web application that serves a content management system. The content management system runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances run in an Auto Scaling group across multiple Availability Zones. Users are constantly adding and updating files, blogs, and other website assets in the content management system.

A solutions architect must implement a solution in which all the EC2 instances share up–to–date website content with the least possible lag time.

Which solution meets these requirements?


A. Update the EC2 user data in the Auto Scaling group lifecycle policy to copy the website assets from the EC2 instance that was launched most recently. Configure the ALB to make changes to the website assets only in the newest EC2 instance.

EC2 Question 34/90


An application running on an Amazon EC2 instance needs to access an Amazon DynamoDB table. Both the EC2 instance and the DynamoDB table are in the same AWS account. A solutions architect must configure the necessary permissions.

Which solution will allow least privilege access to the DynamoDB table from the EC2 instance?


A. Create an IAM role with the appropriate policy to allow access to the DynamoDB table. Create an instance profile to assign this IAM role to the EC2 instance.

EC2 Question 35/90


A gaming company has multiple Amazon EC2 instances in a single Availability Zone for its multiplayer game that communicates with users on Layer 4. The chief technology officer (CTO) wants to make the architecture highly available and cost–effective.
What should a solutions architect do to meet these requirements? (Choose two.)


C. Configure a Network Load Balancer in front of the EC2 instances.
E. Configure an Auto Scaling group to add or remove instances in multiple Availability Zones automatically.
Network Load Balancer overview: A Network Load Balancer functions at the fourth layer of the Open Systems Interconnection (OSI) model. It can handle millions of requests per second. After the load balancer receives a connection request, it selects a target from the target group for the default rule. It attempts to open a TCP connection to the selected target on the port specified in the listener configuration.

When you enable an Availability Zone for the load balancer, Elastic Load Balancing creates a load balancer node in the Availability Zone. By default, each load balancer node distributes traffic across the registered targets in its Availability Zone only. If you enable cross-zone load balancing, each load balancer node distributes traffic across the registered targets in all enabled Availability Zones. For more information, see Availability Zones.

If you enable multiple Availability Zones for your load balancer and ensure that each target group has at least one target in each enabled Availability Zone, this increases the fault tolerance of your applications. For example, if one or more target groups does not have a healthy target in an Availability Zone, we remove the IP address for the corresponding subnet from DNS, but the load balancer nodes in the other Availability Zones are still available to route traffic. If a client doesn't honor the time-to-live (TTL) and sends requests to the IP address after it is removed from DNS, the requests fail.

For TCP traffic, the load balancer selects a target using a flow hash algorithm based on the protocol, source IP address, source port, destination IP address, destination port, and TCP sequence number. The TCP connections from a client have different source ports and sequence numbers, and can be routed to different targets. Each individual TCP connection is routed to a single target for the life of the connection.

For UDP traffic, the load balancer selects a target using a flow hash algorithm based on the protocol, source IP address, source port, destination IP address, and destination port. A UDP flow has the same source and destination, so it is consistently routed to a single target throughout its lifetime. Different UDP flows have different source IP addresses and ports, so they can be routed to different targets.

An Auto Scaling group contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. An Auto Scaling group also enables you to use Amazon EC2 Auto Scaling features such as health check replacements and scaling policies. Both maintaining the number of instances in an Auto Scaling group and automatic scaling are the core functionality of the Amazon EC2 Auto Scaling service.

The size of an Auto Scaling group depends on the number of instances that you set as the desired capacity. You can adjust its size to meet demand, either manually or by using automatic scaling. An Auto Scaling group starts by launching enough instances to meet its desired capacity. It maintains this number of instances by performing periodic health checks on the instances in the group. The Auto Scaling group continues to maintain a fixed number of instances even if an instance becomes unhealthy. If an instance becomes unhealthy, the group terminates the unhealthy instance and launches another instance to replace it.

The solutions architect must enable high availability for the architecture and ensure it is cost-effective. To enable high availability an Amazon EC2 Auto Scaling group should be created to add and remove instances across multiple availability zones. In order to distribute the traffic to the instances the architecture should use a Network Load Balancer which operates at Layer 4. This architecture will also be cost-effective as the Auto Scaling group will ensure the right number of instances are running based on demand.

CORRECT: "Configure a Network Load Balancer in front of the EC2 instances" is a correct answer.
CORRECT: "Configure an Auto Scaling group to add or remove instances in multiple Availability Zones automatically" is also a correct answer.
INCORRECT: "Increase the number of instances and use smaller EC2 instance types" is incorrect as this is not the most cost-effective option. Auto Scaling should be used to maintain the right number of active instances.
INCORRECT: "Configure an Auto Scaling group to add or remove instances in the Availability Zone automatically" is incorrect as this is not highly available as it's a single AZ.
INCORRECT: "Configure an Application Load Balancer in front of the EC2 instances" is incorrect as an ALB operates at Layer 7 rather than Layer 4.

References: Amazon EC2 Auto Scaling > User Guide > Elastic Load Balancing and Amazon EC2 Auto Scaling

EC2 Question 36/90


In Amazon AWS, which of the following statements is true of key pairs?


B. Key pairs are used only for Amazon EC2 and Amazon CloudFront.
Key pairs consist of a public and private key, where you use the private key to create a digital signature, and then AWS uses the corresponding public key to validate the signature. Key pairs are used only for Amazon EC2 and Amazon CloudFront. References: AWS General Reference > Reference guide > Understanding and getting your AWS credentials

EC2 Question 37/90


A company is deploying a production portal application on AWS. The database tier has structured data.

The company requires a solution that is easily manageable and highly available.

How can these requirements be met?


A. Deploy the database on multiple Amazon EC2 instances backed by Amazon Elastic Block Store (Amazon EBS) across multiple Availability Zones.

EC2 Question 38/90


In Amazon EC2 Container Service, are other container types supported?


C. No, Docker is the only container platform supported by EC2 Container Service presently.
In Amazon EC2 Container Service, Docker is the only container platform supported by EC2 Container Service presently. References: Amazon Elastic Container Service FAQs

EC2 Question 39/90



Which solution will meet these requirements?


B. Increase the size of the EC2 NAT instance in the VPC to a network optimized instance type

EC2 Question 40/90


A monolithic application was recently migrated to AWS and is now running on a single Amazon EC2 instance. Due to application limitations, it is not possible to use automatic scaling to scale out the application. The chief technology officer (CTO) wants an automated solution to restore the EC2 instance in the unlikely event the underlying hardware fails.

What would allow for automatic recovery of the EC2 instance as quickly as possible?


A. Configure an Amazon CloudWatch alarm that triggers the recovery of the EC2 instance if it becomes impaired. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Recover your instance

EC2 Question 41/90


An environment has an Auto Scaling group across two Availability Zones referred to as AZ–a and AZ–b. AZ–a has four instances, and AZ–b has three EC2 instances.

The Auto Scaling group uses the default termination policy. None of the instances are protected from a scale–in event.

How will Auto Scaling proceed if there is a scale–in event?


C. Auto Scaling selects the Availability Zone with four EC2 instances, and then continues to evaluate.

EC2 Question 42/90


A company designed a stateless two–tier application that uses Amazon EC2 in a single Availability Zone and an Amazon RDS Multi–AZ DB instance. New company management wants to ensure the application is highly available.

What should a solutions architect do to meet this requirement?


A. Configure the application to use Multi-AZ EC2 Auto Scaling and create an Application Load Balancer.

EC2 Question 43/90


A company is building its web application using containers on AWS. The company requires three instances of the web application to run at all times. The application must be able to scale to meet increases in demand. Management is extremely sensitive to cost but agrees that the application should be highly available.

What should a solutions architect recommend?


D. Create an Amazon Elastic Container Service (Amazon ECS) cluster using the Amazon EC2 launch type with one container instance in two different Availability Zones. Create a task definition for the web application. Place two tasks on one container instance and one task on the remaining container instance.

EC2 Question 44/90


A company is designing an internet–facing web application. The application runs on Amazon EC2 for Linux–based instances that store sensitive user data in Amazon RDS MySQL Multi–AZ DB instances. The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web–based attacks.

What should a solutions architect recommend?


C. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Create a security group for the web application servers and a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the web application server security group.

EC2 Question 45/90


A company has a web application hosted over 10 Amazon EC2 instances with traffic directed by Amazon Route 53.

The company occasionally experiences a timeout error when attempting to browse the application.

The networking team finds that some DNS queries return IP addresses of unhealthy instances, resulting in the timeout error.

What should a solutions architect implement to overcome these timeout errors?


A. Create a Route 53 simple routing policy record for each EC2 instance. Associate a health check with each record.

EC2 Question 46/90


A company is building a document storage application on AWS. The application runs on Amazon EC2 instances in multiple Availability Zones. The company requires the document store to be highly available.

The documents need to be returned immediately when requested. The lead engineer has configured the application to use Amazon Elastic Block Store (Amazon EBS) to store the documents, but is willing to consider other options to meet the availability requirement.

What should a solutions architect recommend?


B. Use Amazon EBS for the EC2 instance root volumes. Configure the application to build the document store on Amazon S3.

EC2 Question 47/90


A company requires operating system permission on a relational database server.

What should a solutions architect suggest as a configuration for a highly available database architecture?


A. Multiple Amazon EC2 instances in a database replication configuration that uses two Availability Zones

EC2 Question 48/90


A company wants to improve the availability and performance of its hybrid application. The application consists of a stateful TCP–based workload hosted on Amazon EC2 instances in different AWS Regions and a stateless UDP–based workload hosted on–premises.

Which combination of actions should a solutions architect take to improve availability and performance? (Choose two.)


A. Create an accelerator using AWS Global Accelerator. Add the load balancers as endpoints.
D. Configure a Network Load Balancer in each Region to address the EC2 endpoints. Configure a Network Load Balancer in each Region that routes to the on-premises endpoints.

EC2 Question 49/90


A company has two applications it wants to migrate to AWS. Both applications process a large set of files by accessing the same files at the same time. Both applications need to read the files with low latency.

Which architecture should a solutions architect recommend for this situation?


D. Configure two Amazon EC2 instances to run both applications. Configure Amazon Elastic File System (Amazon EFS) with General Purpose performance mode and Bursting Throughput mode to store the data.

EC2 Question 50/90


A company recently migrated a message processing system to AWS. The system receives messages into an ActiveMQ queue running on an Amazon EC2 instance. Messages are processed by a consumer application running on Amazon EC2. The consumer application processes the messages and writes results to a MySQL database running on Amazon EC2. The company wants this application to be highly available with low operational complexity.

Which architecture offers the HIGHEST availability?


D. Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an Auto Scaling group for the consumer EC2 instances across two Availability Zones. Use Amazon RDS for MySQL with Multi-AZ enabled.

EC2 Question 51/90


A company observes an increase in Amazon EC2 costs in its most recent bill.

The billing team notices unwanted vertical scaling of instance types for a couple of EC2 instances.

A solutions architect needs to create a graph comparing the last 2 months of EC2 costs and perform an in–depth analysis to identify the root cause of the vertical scaling.

How should the solutions architect generate the information with the LEAST operational overhead?


C. Use graphs from the AWS Billing and Cost Management dashboard to compare EC2 costs based on instance types for the last 2 months.

EC2 Question 52/90


What is a placement group in Amazon EC2?


A. It is a group of EC2 instances within a single Availability Zone.
A placement group is a logical grouping of instances within a single Availability Zone. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Placement groups

EC2 Question 53/90


A solutions architect is designing a shared storage solution for a web application that is deployed across multiple Availability Zones.

The web application runs on Amazon EC2 instances in an Auto Scaling group.

The company anticipates making frequent changes to the content, so the solution must have strong consistency.

Which solution meets these requirements?

B. Create an Amazon Elastic File System (Amazon EFS) file system and mount it on the individual EC2 instances.

EC2 Question 54/90


A company is running an application on Amazon EC2 instances. Traffic to the workload increases substantially during business hours and decreases afterward. The CPU utilization of an EC2 instance is a strong indicator of end–user demand on the application.

The company has configured an Auto Scaling group to have a minimum group size of 2 EC2 instances and a maximum group size of 10 EC2 instances.

The company is concerned that the current scaling policy that is associated with the Auto Scaling group might not be correct. The company must avoid over–provisioning EC2 instances and incurring unnecessary costs.

What should a solutions architect recommend to meet these requirements?

D. Configure AWS Auto Scaling to have a desired capacity of 5 EC2 instances, and disable any existing scaling policies. Monitor the CPU utilization metric for 1 week. Then create dynamic scaling policies that are based on the observed values.

EC2 Question 55/90


Cost Explorer is showing charges higher than expected for Amazon Elastic Block Store (Amazon EBS) volumes connected to application servers in a production account.

A significant portion of the charges from Amazon EBS are from volumes that were created as Provisioned IOPS SSD (io1) volume types. Controlling costs is the highest priority for this application.

Which steps should the user take to analyze and reduce the EBS costs without incurring any application downtime? (Select TWO)

A. Use the Amazon EC2 ModifyInstanceAttribute action to enable EBS optimization on the application server instances.
D. Use the Amazon EC2 ModifyVolume action to change the volume type of the underutilized io1 volumes to General Purpose SSD (gp2).

EC2 Question 56/90


A solutions architect is creating an application that will handle batch processing of large amounts of data.

The input data will be held in Amazon S3 and the output data will be stored in a different S3 bucket. For processing, the application will transfer the data over the network between multiple Amazon EC2 instances.

What should the solutions architect do to reduce the overall data transfer costs?

C. Place all the EC2 instances in the same Availability Zone.
The transfer is between EC2 instances and not just between S3 and EC2. Also, be aware of inter-Availability Zones data transfer charges between Amazon EC2 instances, even within the same region. If possible, the instances in a development or test environment that need to communicate with each other should be co-located within the same Availability Zone to avoid data transfer charges. (This doesn't apply to production workloads which will most likely need to span multiple Availability Zones for high availability.) References: AWS Management & Governance Blog > Using AWS Cost Explorer to analyze data transfer costs

EC2 Question 57/90


A company is running an application on Amazon EC2 instances hosted in a private subnet of a VPC.

The EC2 instances are configured in an Auto Scaling group behind an Elastic Load Balancer (ELB).

The EC2 instances use a NAT gateway for outbound internet access.

However, the EC2 instances are not able to connect to the public internet to download software updates.

What are the possible root causes of this issue? (Select TWO)

B. The route tables in the VPC are configured incorrectly.
E. The outbound rules on the security group attached to the EC2 instances are configured incorrectly.

EC2 Question 58/90


A company has an application that uses overnight digital images of products on store shelves to analyze inventory data. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) and obtains the images from an Amazon S3 bucket for its metadata to be processed by worker nodes for analysis. A solutions architect needs to ensure that every image is processed by the worker nodes.

What should the solutions architect do to meet this requirement in the MOST cost–efficient way?

B. Process the image metadata by sending it directly to EC2 Reserved Instances in an Auto Scaling group. With a dynamic scaling policy, use an Amazon CloudWatch metric for average CPU utilization of the Auto Scaling group as soon as the front-end application obtains the images.

EC2 Question 59/90


A company is building an application that consists of several microservices. The company has decided to use container technologies to deploy its software on AWS. The company needs a solution that minimizes the amount of ongoing effort for maintenance and scaling. The company cannot manage additional infrastructure.

Which combination of actions should a solutions architect take to meet these requirements? (Choose two.)

A. Deploy an Amazon Elastic Container Service (Amazon ECS) cluster.
B. Deploy the Kubernetes control plane on Amazon EC2 instances that span multiple Availability Zones.

EC2 Question 60/90


A company runs a high performance computing (HPC) workload on AWS. The workload requires low latency network performance and high network throughput with tightly coupled node-to-node communication. The Amazon EC2 instances are properly sized for compute and storage capacity, and are launched using default options.

What should a solutions architect propose to improve the performance of the workload?

A. Choose a cluster placement group while launching Amazon EC2 instances.

EC2 Question 61/90


A user wants to list the IAM role that is attached to their Amazon EC2 instance. The user has login access to the EC2 instance but does not have IAM permissions.

What should a solutions architect do to retrieve this information?

A. Run the following EC2 command: curl http://169.254.169.254/latest/meta-data/iam/info References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > IAM roles for Amazon EC2

EC2 Question 62/90


A company stores project information in a shared spreadsheet. The company wants to create a web application to replace the spreadsheet. The company has chosen Amazon DynamoDB to store the spreadsheet's data and is designing the web application to display the project information that is obtained from DynamoDB.

A solutions architect must design the web application's backend by using managed services that require minimal operational maintenance.

Which architectures meet these requirements? (Select TWO.)

A. An Amazon API Gateway REST API accesses the project information that is in DynamoDB.
E. An Elastic Load Balancer forwards requests to a target group of Amazon EC2 instances. The EC2 instances run an application that accesses DynamoDB.

EC2 Question 63/90


A company is building a web application that serves a content management system.

The content management system runs on Amazon EC2 instances behind an Application Load Balancer (ALB).

The EC2 instances run in an Auto Scaling group across Availability Zones.

Users are constantly adding and updating files, blogs, and other website assets in the content management system.

Which solution meets these requirements?

C. Copy the website assets to an Amazon S3 bucket. Ensure that each EC2 instance downloads the website assets from the S3 bucket to the attached Amazon Elastic Block Store (Amazon EBS) volume. Run the S3 sync command once each hour to keep files up to date.

EC2 Question 64/90


A user wants to list the IAM role that is attached to their Amazon EC2 instance. The user has login access to the EC2 instance but does not have IAM permissions.

What should a solutions architect do to retrieve this information?

B. Run the following EC2 command curl http://169.254.169.254/latest-/user-data/iam/info

EC2 Question 65/90


A company is launching a new application deployed on an Amazon Elastic Container Service (Amazon ECS) cluster and is using the Fargate launch type for ECS tasks. The company is monitoring CPU and memory usage because it is expecting high traffic to the application upon its launch. However, the company wants to reduce costs when utilization decreases.

What should a solutions architect recommend?

A. Use Amazon EC2 Auto Scaling to scale at certain periods based on previous traffic patterns.

EC2 Question 66/90


A company has an application hosted on Amazon EC2 instances in two VPCs across different AWS Regions. To communicate with each other, the instances use the internet for connectivity. The security team wants to ensure that no communication between the instances happens over the internet.

What should a solutions architect do to accomplish this?

D. Create a VPC peering connection and update the route table of the EC2 instances' subnet.

EC2 Question 67/90


A mobile gaming company runs application servers on Amazon EC2 instances. The servers receive updates from players every 15 minutes. The mobile game creates a JSON object of the progress made in the game since the last update, and sends the JSON object to an Application Load Balancer. As the mobile game is played, game updates are being lost. The company wants to create a durable way to get the updates in order.

What should a solutions architect recommend to decouple the system?

C. Use Amazon Simple Queue Service (Amazon SQS) FIFO queues to capture the data and EC2 instances to process the messages in the queue.

EC2 Question 68/90


A company manages its own Amazon EC2 instances that run MySQL databases. The company is manually managing replication and scaling as demand increases or decreases. The company needs a new solution that simplifies the process of adding or removing compute capacity to or from its database tier as needed.

The solution also must offer improved performance, scaling, and durability with minimal effort from operations.

Which solution meets these requirements?

D. Create an EC2 Auto Scaling group for the database tier. Migrate the existing databases to the new environment.

EC2 Question 69/90


A company is building an online multiplayer game. The game communicates by using UDP, and low latency between the client and the backend is important. The backend is hosted on Amazon EC2 instances that can be deployed to multiple AWS Regions to meet demand. The company needs the game to be highly available so that users around the world can access the game at all times.

What should a solutions architect do to meet these requirements?

C. Deploy Amazon CloudFront to support an origin access identity (OAI). Associate the OAI with EC2 instances in each Region to support global traffic.

EC2 Question 70/90


A marketing company is storing CSV files in an Amazon S3 bucket for statistical analysis. An application on an Amazon EC2 instance needs permission to efficiently process the CSV data stored in the S3 bucket.

Which action will MOST securely grant the EC2 instance access to the S3 bucket?

C. Associate an IAM role with least privilege permissions to the EC2 instance profile.
Keyword: Privilege Permission + IAM Role

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services by your users.

IAM roles for Amazon EC2

Applications must sign their API requests with AWS credentials. Therefore, if you are an application developer, you need a strategy for managing credentials for your applications that run on EC2 instances. For example, you can securely distribute your AWS credentials to the instances, enabling the applications on those instances to use your credentials to sign requests, while protecting your credentials from other users. However, it's challenging to securely distribute credentials to each instance, especially those that AWS creates on your behalf, such as Spot Instances or instances in Auto Scaling groups. You must also be able to update the credentials on each instance when you rotate your AWS credentials.

We designed IAM roles so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use. Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles as follows:

1. Create an IAM role.
2. Define which accounts or AWS services can assume the role.
3. Define which API actions and resources the application can use after assuming the role.
4. Specify the role when you launch your instance, or attach the role to an existing instance.
5. Have the application retrieve a set of temporary credentials and use them.

For example, you can use IAM roles to grant permissions to applications running on your instances that need to use a bucket in Amazon S3.

You can specify permissions for IAM roles by creating a policy in JSON format. These are similar to the policies that you create for IAM users. If you change a role, the change is propagated to all instances. When creating IAM roles, associate least privilege IAM policies that restrict access to the specific API calls the application requires.

References: AWS Identity and Access Management (IAM) FAQs; Amazon Elastic Compute Cloud > User Guide for Linux Instances > IAM roles for Amazon EC2

EC2 Question 71/90


A company is hosting multiple websites for several lines of business under its registered parent domain.

Users accessing these websites will be routed to appropriate backend Amazon EC2 instances based on the subdomain. The websites host static webpages, images, and server–side scripts like PHP and JavaScript. Some of the websites experience peak access during the first two hours of business with constant usage throughout the rest of the day. A solutions architect needs to design a solution that will automatically adjust capacity to these traffic patterns while keeping costs low.

Which combination of AWS services or features will meet these requirements? (Choose two.)

C. Application Load Balancer
D. Amazon EC2 Auto Scaling References: Amazon Simple Storage Service > User Guide > Hosting a static website using Amazon S3

EC2 Question 72/90


The following IAM policy is attached to an IAM group. This is the only policy applied to the group.
What are the effective IAM permissions of this policy for group members?

D. Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Groups are permitted any other Amazon EC2 action within the us-east-1 Region.

EC2 Question 73/90


A company relies on an application that needs at least 4 Amazon EC2 instances during regular traffic and must scale up to 12 EC2 instances during peak loads. The application is critical to the business and must be highly available.

Which solution will meet these requirements?

C. Deploy the EC2 instances in an Auto Scaling group. Set the minimum to 8 and the maximum to 12, with 4 in Availability Zone A and 4 in Availability Zone B.

EC2 Question 74/90


A company recently migrated a message processing system to AWS. The system receives messages into an ActiveMQ queue running on an Amazon EC2 instance. Messages are processed by a consumer application running on Amazon EC2. The consumer application processes the messages and writes results to a MySQL database running on Amazon EC2. The company wants this application to be highly available with low operational complexity.

Which architecture offers the HIGHEST availability?

D. Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an Auto Scaling group for the consumer EC2 instances across two Availability Zones. Use Amazon RDS for MySQL with Multi-AZ enabled.

EC2 Question 75/90


A company recently deployed a new auditing system to centralize information about operating system versions, patching, and installed software for Amazon EC2 instances. A solutions architect must ensure all instances provisioned through EC2 Auto Scaling groups successfully send reports to the auditing system as soon as they are launched and terminated.

Which solution achieves these goals MOST efficiently?

B. Use EC2 Auto Scaling lifecycle hooks to execute a custom script to send data to the audit system when instances are launched and terminated.

EC2 Question 76/90


A solution architect at a company is designing the architecture for a two–tiered web application. The web application is composed of an internet facing application load balancer that forwards traffic to an auto scaling group of Amazon EC2 instances. The EC2 instances must be able to access a database that runs on Amazon RDS.

The company has requested a defense–in–depth approach to the network layout. The company does not want to rely solely on security groups or network ACLs. Only the minimum resources that are necessary should be routable from the internet.

Which network design should the solutions architect recommend to meet these requirements?

B. Place the ALB in public subnets. Place the EC2 instances and RDS database in private subnets.

EC2 Question 77/90


A company is performing an AWS Well–Architected Framework review of an existing workload deployed on AWS. The review identified a public–facing website running on the same Amazon EC2 instance as a Microsoft Active Directory domain controller that was installed recently to support other AWS services. A solutions architect needs to recommend a new design that would improve the security of the architecture and minimize the administrative demand on IT staff.

What should the solutions architect recommend?

A. Use AWS Directory Service to create a managed Active Directory. Uninstall Active Directory on the current EC2 instance.
AWS Managed Microsoft AD: AWS Directory Service lets you run Microsoft Active Directory (AD) as a managed service. AWS Directory Service for Microsoft Active Directory, also referred to as AWS Managed Microsoft AD, is powered by Windows Server 2012 R2. When you select and launch this directory type, it is created as a highly available pair of domain controllers connected to your virtual private cloud (VPC). The domain controllers run in different Availability Zones in a region of your choice. Host monitoring and recovery, data replication, snapshots, and software updates are automatically configured and managed for you.

Migrate AD to AWS Managed AD and keep the webserver alone. Reduce risk = remove AD from that EC2. Minimize admin = remove AD from any EC2 -> use AWS Directory Service. Active Directory connector is only for ON-PREM AD. The one they have exists in the cloud already.

EC2 Question 78/90


A company relies on an application that needs at least 4 Amazon EC2 instances during regular traffic and must scale up to 12 EC2 instances during peak loads.

The application is critical to the business and must be highly available.

Which solution will meet these requirements?

C. Deploy the EC2 instances in an Auto Scaling group. Set the minimum to 8 and the maximum to 12, with 4 in Availability Zone A and 4 in Availability Zone B.
It requires HA and if one AZ is down then at least 4 instances will be active in another AZ which is key for this question.

EC2 Question 79/90


A start–up company has a web application based in the us–east–1 Region with multiple Amazon EC2 instances running behind an Application Load Balancer across multiple Availability Zones. As the company's user base grows in the us–west–1 Region, it needs a solution with low latency and high availability.

What should a solutions architect do to accomplish this?

C. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load balancer endpoints in both Regions.
Register endpoints for endpoint groups: You register one or more regional resources, such as Application Load Balancers, Network Load Balancers, EC2 Instances, or Elastic IP addresses, in each endpoint group. Then you can set weights to choose how much traffic is routed to each endpoint.

Endpoints in AWS Global Accelerator: Endpoints in AWS Global Accelerator can be Network Load Balancers, Application Load Balancers, Amazon EC2 instances, or Elastic IP addresses. A static IP address serves as a single point of contact for clients, and Global Accelerator then distributes incoming traffic across healthy endpoints. Global Accelerator directs traffic to endpoints by using the port (or port range) that you specify for the listener that the endpoint group for the endpoint belongs to. Each endpoint group can have multiple endpoints. You can add each endpoint to multiple endpoint groups, but the endpoint groups must be associated with different listeners. Global Accelerator continually monitors the health of all endpoints that are included in an endpoint group. It routes traffic only to the active endpoints that are healthy. If Global Accelerator doesn't have any healthy endpoints to route traffic to, it routes traffic to all endpoints.

ELB provides load balancing within one Region, AWS Global Accelerator provides traffic management across multiple Regions […] AWS Global Accelerator complements ELB by extending these capabilities beyond a single AWS Region, allowing you to provision a global interface for your applications in any number of Regions. If you have workloads that cater to a global client base, we recommend that you use AWS Global Accelerator. If you have workloads hosted in a single AWS Region and used by clients in and around the same Region, you can use an Application Load Balancer or Network Load Balancer to manage your resources.

References: AWS Global Accelerator FAQs

EC2 Question 80/90


A company's application is running on Amazon EC2 instances in a single Region. In the event of a disaster, a solutions architect needs to ensure that the resources can also be deployed to a second Region.

Which combination of actions should the solutions architect take to accomplish this? (Choose two.)

B. Launch a new EC2 instance from an Amazon Machine Image (AMI) in a new Region.
D. Copy an Amazon Machine Image (AMI) of an EC2 instance and specify a different Region for the destination.
Cross Region EC2 AMI Copy

We know that you want to build applications that span AWS Regions and we're working to provide you with the services and features needed to do so. We started out by launching the EBS Snapshot Copy feature late last year. This feature gave you the ability to copy a snapshot from Region to Region with just a couple of clicks. In addition, last month we made a significant reduction (26% to 83%) in the cost of transferring data between AWS Regions, making it less expensive to operate in more than one AWS region.

Today we are introducing a new feature: Amazon Machine Image (AMI) Copy. AMI Copy enables you to easily copy your Amazon Machine Images between AWS Regions. AMI Copy helps enable several key scenarios including:

Simple and Consistent Multi-Region Deployment – You can copy an AMI from one region to another, enabling you to easily launch consistent instances based on the same AMI into different regions.
Scalability – You can more easily design and build world-scale applications that meet the needs of your users, regardless of their location.
Performance – You can increase performance by distributing your application and locating critical components of your application in closer proximity to your users. You can also take advantage of region specific features such as instance types or other AWS services.
Even Higher Availability – You can design and deploy applications across AWS regions, to increase availability.

Once the new AMI is in an Available state the copy is complete.

EC2 Question 81/90


A company wants to improve the availability and performance of its stateless UDP–based workload. The workload is deployed on Amazon EC2 instances in multiple AWS Regions.

What should a solutions architect recommend to accomplish this?

D. Place the EC2 instances behind Application Load Balancers (ALBs) in each Region. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the ALBs.

EC2 Question 82/90


A company captures clickstream data from multiple websites and analyzes it using batch processing. The data is loaded nightly into Amazon Redshift and is consumed by business analysts. The company wants to move towards near–real–time data processing for timely insights. The solution should process the streaming data with minimal effort and operational overhead.

Which combination of AWS services are MOST cost–effective for this solution? (Choose two.)

A. Amazon EC2
D. Amazon Kinesis Data Firehose
Kinesis Data Streams and Kinesis Client Library (KCL) – Data from the data source can be continuously captured and streamed in near real-time using Kinesis Data Streams. With the Kinesis Client Library (KCL), you can build your own application that can preprocess the streaming data as they arrive and emit the data for generating incremental views and downstream analysis.

Kinesis Data Analytics – This service provides the easiest way to process the data that is streaming through Kinesis Data Stream or Kinesis Data Firehose using SQL. This enables customers to gain actionable insight in near real-time from the incremental stream before storing it in Amazon S3.

Lambda architecture building blocks on AWS

References: Evolve from batch to real-time analytics

EC2 Question 83/90


A company wants to use a custom distributed application that calculates various profit and loss scenarios. To achieve this goal, the company needs to provide a network connection between its Amazon EC2 instances. The connection must minimize latency and must maximize throughput.

Which solution will meet these requirements?

B. Configure a placement group for EC2 instances that have the same instance type.

EC2 Question 84/90


The following IAM policy is attached to an IAM group.
This is the only policy applied to the group.

What are the effective IAM permissions of this policy for group members?

D. Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action within the us-east-1 Region.

EC2 Question 85/90


A company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. On the first day of every month at midnight, the application becomes much slower when the month–end financial calculation batch executes. This causes the CPU utilization of the EC2 instances to immediately peak to 100%, which disrupts the application.

What should a solutions architect recommend to ensure the application is able to handle the workload and avoid downtime?

C. Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule.
Scheduled Scaling for Amazon EC2 Auto Scaling

Scheduled scaling allows you to set your own scaling schedule. For example, let's say that every week the traffic to your web application starts to increase on Wednesday, remains high on Thursday, and starts to decrease on Friday. You can plan your scaling actions based on the predictable traffic patterns of your web application. Scaling actions are performed automatically as a function of time and date.

Scheduled scaling allows you to set your own scaling schedule. In this case the scaling action can be scheduled to occur just prior to the time that the reports will be run each month. Scaling actions are performed automatically as a function of time and date. This will ensure that there are enough EC2 instances to serve the demand and prevent the application from slowing down.

CORRECT: "Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule" is the correct answer.
INCORRECT: "Configure an Amazon CloudFront distribution in front of the ALB" is incorrect as this would be more suitable for providing access to global users by caching content.
INCORRECT: "Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization" is incorrect as this would not prevent the slow-down from occurring as there would be a delay between when the CPU hits 100% and the metric being reported and additional instances being launched.
INCORRECT: "Configure Amazon ElastiCache to remove some of the workload from the EC2 instances" is incorrect as ElastiCache is a database cache, it cannot replace the compute functions of an EC2 instance.

References: Amazon EC2 Auto Scaling > User Guide > Scheduled scaling for Amazon EC2 Auto Scaling

EC2 Question 86/90


A development team stores its Amazon RDS MySQL DB instance user name and password credentials in a configuration file. The configuration file is stored as plaintext on the root device volume of the team's Amazon EC2 instance. When the team's application needs to reach the database, it reads the file and loads the credentials into the code. The team has modified the permissions of the configuration file so that only the application can read its content. A solution architect must design a more secure solution.

What should the solutions architect do to meet this requirement?

D. Move the configuration file to an EC2 instance store, and create an Amazon Machine Image (AMI) of the instance. Launch new instances from this AMI.

EC2 Question 87/90


A company wants to move a multi–tiered application from on–premises to the AWS Cloud to improve the application's performance. The application consists of application tiers that communicate with each other by way of RESTful services.

Transactions are dropped when one tier becomes overloaded. A solutions architect must design a solution that resolves these issues and modernizes the application.

Which solution meets these requirements and is the MOST operationally efficient?

D. Use Amazon Simple Queue Service (Amazon SQS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group. Use Amazon CloudWatch to monitor the SQS queue length and scale up when communication failures are detected.

EC2 Question 88/90


A solutions architect must design a solution for a persistent database that is being migrated from on–premises to AWS. The database requires 64,000 IOPS according to the database administrator. If possible, the database administrator wants to use a single Amazon Elastic Block Store (Amazon EBS) volume to host the database instance.

Which solution effectively meets the database administrator's criteria?

B. Create a Nitro-based Amazon EC2 instance with an Amazon EBS Provisioned IOPS SSD (io1) volume attached. Configure the volume to have 64,000 IOPS.

EC2 Question 89/90


A solutions architect is designing a multi–region disaster recovery solution for an application that will provide public API access. The application will use Amazon EC2 instances with a user data script to load application code and an Amazon RDS for MySQL database. The Recovery Time Objective (RTO) is 3 hours and the Recovery Point Objective (RPO) is 24 hours.

Which architecture would meet these requirements at the LOWEST cost?

D. Use Amazon Route 53 for Region failover. Deploy new EC2 instances with the user data script for APIs, and create a snapshot of the RDS instance daily for a backup. Replicate the snapshot to a backup Region.

EC2 Question 90/90


A solutions architect is moving the static content from a public website hosted on Amazon EC2 instances to an Amazon S3 bucket. An Amazon CloudFront distribution will be used to deliver the static assets. The security group used by the EC2 instances restricts access to a limited set of IP ranges. Access to the static content should be similarly restricted.

Which combination of steps will meet these requirements? (Choose two.)

A. Create an origin access identity (OAI) and associate it with the distribution. Change the permissions in the bucket policy so that only the OAI can read the objects.
B. Create an AWS WAF web ACL that includes the same IP restrictions that exist in the EC2 security group. Associate this new web ACL with the CloudFront distribution.

CloudFront

- 52 Questions

CloudFront Question 1/52


A company hosts its website on Amazon S3. The website serves petabytes of outbound traffic monthly, which accounts for most of the company's AWS costs. What should a solutions architect do to reduce costs?

A. Configure Amazon CloudFront with the existing website as the origin.
A textbook case for CloudFront. The data transfer cost in CloudFront is lower than in S3. With heavy read operations of static content, it's more economical to add CloudFront in front of your S3 bucket. https://pupuweb.com/aws-saa-c02-actual-exam-question-answer-dumps-2/10/3

CloudFront Question 2/52


A solutions architect is creating a new Amazon CloudFront distribution for an application. Some of the information submitted by users is sensitive. The application uses HTTPS but needs another layer of security. The sensitive information should be protected throughout the entire application stack, and access to the information should be restricted to certain applications.

Which action should the solutions architect take?

A. Configure a CloudFront signed URL

CloudFront Question 3/52


A solution architect is creating a new Amazon CloudFront distribution for an application. Some of the information submitted by users is sensitive. The application uses HTTPS but needs another layer of security. The sensitive information should be protected throughout the entire application stack, and access to the information should be restricted to certain applications.

Which action should the solutions architect take?

C. Configure a CloudFront field-level encryption profile

CloudFront Question 4/52


A company's website provides users with downloadable historical performance reports. The website needs a solution that will scale to meet the company's website demands globally. The solution should be cost effective, limit the provisioning of infrastructure resources, and provide the fastest possible response time.

Which combination should a solutions architect recommend to meet these requirements?

A. Amazon CloudFront and Amazon S3

CloudFront Question 5/52


An edge location refers to which Amazon Web Service?

C. An edge location is the location of the data center used for Amazon CloudFront.
Amazon CloudFront is a content distribution network. A content delivery network or content distribution network (CDN) is a large distributed system of servers deployed in multiple data centers across the world. The location of the data center used for CDN is called edge location.

Amazon CloudFront can cache static content at each edge location. This means that your popular static content (e.g., your site's logo, navigational images, cascading style sheets, JavaScript code, etc.) will be available at a nearby edge location for the browsers to download with low latency and improved performance for viewers. Caching popular static content with Amazon CloudFront also helps you offload requests for such files from your origin server – CloudFront serves the cached copy when available and only makes a request to your origin server if the edge location receiving the browser's request does not have a copy of the file.

References: Amazon CloudFront

CloudFront Question 6/52


A company is developing a serverless web application that gives users the ability to interact with real-time analytics from online games. The data from the games must be streamed in real time. The company needs a durable, low-latency database option for user data. The company does not know how many users will use the application. Any design considerations must provide response times of single-digit milliseconds as the application scales.

Which combination of AWS services will meet these requirements? (Select TWO.)

A. Amazon CloudFront
B. Amazon DynamoDB

CloudFront Question 7/52


A solution architect needs to design a highly available application consisting of web, application, and database tiers. HTTPS content delivery should be as close to the edge as possible, with the least delivery time.

Which solution meets these requirements and is MOST secure?

B. Amazon EC2 instances in private subnets Configure. Configure a public Application Load Balancer with multiple redundant Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.

CloudFront Question 8/52


A company is hosting its static website in an Amazon S3 bucket, which is the origin for Amazon CloudFront. The company has users in the United States, Canada, and Europe and wants to reduce.

What should a solutions architect recommend?

C. Modify the CloudFront price class to include only the locations of the countries that are served

CloudFront Question 9/52


53 latency-based routing to route requests to its UDP-based application for users around the world. The application is hosted on redundant servers in the company's on-premises data centers in the United States, Asia, and Europe. The company's compliance requirements state that the application must be hosted on-premises. The company wants to improve the performance and availability of the application.

What should a solutions architect do to meet these requirements?

C. Configure three Network Load Balancers (NLBs) in the three AWS Regions to address the on-premises endpoints in Route 53. Create a latency-based record that points to the three NLBs, and use it as an origin for an Amazon CloudFront distribution. Provide access to the application by using a CNAME that points to the CloudFront DNS.

CloudFront Question 10/52


A solutions architect is designing the storage architecture for a new web application used for storing and viewing engineering drawings. All application components will be deployed on the AWS infrastructure.

The application design must support caching to minimize the amount of time that users wait for the engineering drawings to load. The application must be able to store petabytes of data. Which combination of storage and caching should the solutions architect use?

A. Amazon S3 with Amazon CloudFront
CloudFront for caching and S3 as the origin. Glacier is used for archiving which is not the case for this scenario.

CloudFront Question 11/52


A solution architect is performing a security review of a recently migrated workload. The workload is a web application that consists of Amazon EC2 instances in an Auto Scaling group behind an Application Load balancer. The solution architect must improve the security posture and minimize the impact of a DDoS attack on resources.

Which solution is MOST effective?

A. Configure an AWS WAF ACL with rate-based rules. Create an Amazon CloudFront distribution that points to the Application Load Balancer. Enable the WAF ACL on the CloudFront distribution.

CloudFront Question 12/52


A company is using Amazon CloudFront with its website.

The company has enabled logging on the CloudFront distribution, and logs are saved in one of the company's Amazon S3 buckets.

The company needs to perform advanced analysis on the logs and build visualizations.

What should a solutions architect do to meet these requirements?

D. Use standard SQL queries in Amazon DynamoDB to analyze the CloudFront logs in the S3 bucket. Visualize the results with Amazon QuickSight.

CloudFront Question 13/52


A solutions architect is creating a new Amazon CloudFront distribution for an application. Some of the information submitted by users is sensitive. The application uses HTTPS but needs another layer of security. The sensitive information should be protected throughout the entire application stack, and access to the information should be restricted to certain applications.

Which action should the solutions architect take?

A. Configure a CloudFront signed URL

CloudFront Question 14/52


A solutions architect is optimizing a website for an upcoming musical event. Videos of the performances will be streamed in real-time and then will be available on demand. The event is expected to attract a global online audience.

Which service will improve the performance of both real–time and on–demand streaming?

A. Amazon CloudFront
Amazon CloudFront can be used to stream video to users across the globe using a wide variety of protocols that are layered on top of HTTP. This can include both on-demand video as well as real-time streaming video.

CORRECT: "Amazon CloudFront" is the correct answer.

INCORRECT: "AWS Global Accelerator" is incorrect as this would be an expensive way of getting the content closer to users compared to using CloudFront. As this is a use case for CloudFront and there are so many edge locations it is the better option.

INCORRECT: "Amazon Route 53" is incorrect as you still need a solution for getting the content closer to users.

INCORRECT: "Amazon S3 Transfer Acceleration" is incorrect as this is used to accelerate uploads of data to Amazon S3 buckets.

References: Amazon CloudFront media streaming tutorials; Amazon CloudFront > Developer Guide > Video on Demand and Live Streaming Video with CloudFront

CloudFront Question 15/52



What should a solutions architect recommend to meet this requirement?

C. Deploy an Amazon CloudFront distribution that listens on the TCP port that the application requires. Use an Application Load Balancer as the origin.

CloudFront Question 16/52


A company hosts its static website content from an Amazon S3 bucket in the us-east-1 Region. Content is made available through an Amazon CloudFront origin pointing to that bucket. Cross-Region replication is set to create a second copy of the bucket in the ap-southeast-1 Region. Management wants a solution that provides greater availability for the website.

Which combination of actions should a solutions architect take to increase availability? (Choose two.)

B. Configure failover routing in Amazon Route 53.
E. Set up a CloudFront origin group with the us-east-1 bucket as the primary and the ap-southeast-1 bucket as the secondary.

CloudFront Question 17/52


Organizers for a global event want to put daily reports online as static HTML pages. The pages are expected to generate millions of views from users around the world. The files are stored in an Amazon S3 bucket. A solutions architect has been asked to design an efficient and effective solution.

Which action should the solutions architect take to accomplish this?

D. Use Amazon CloudFront with the S3 bucket as its origin.
Using Amazon S3 Origins, MediaPackage Channels, and Custom Origins for Web Distributions

Using Amazon S3 Buckets for Your Origin

When you use Amazon S3 as an origin for your distribution, you place any objects that you want CloudFront to deliver in an Amazon S3 bucket. You can use any method that is supported by Amazon S3 to get your objects into Amazon S3, for example, the Amazon S3 console or API, or a third-party tool. You can create a hierarchy in your bucket to store the objects, just as you would with any other Amazon S3 bucket. Using an existing Amazon S3 bucket as your CloudFront origin server doesn't change the bucket in any way; you can still use it as you normally would to store and access Amazon S3 objects at the standard Amazon S3 price. You incur regular Amazon S3 charges for storing the objects in the bucket.

Using Amazon S3 Buckets Configured as Website Endpoints for Your Origin

You can set up an Amazon S3 bucket that is configured as a website endpoint as custom origin with CloudFront. When you configure your CloudFront distribution, for the origin, enter the Amazon S3 static website hosting endpoint for your bucket. This value appears in the Amazon S3 console, on the Properties tab, in the Static website hosting pane. For example: http://bucket-name.s3-website-region.amazonaws.com

For more information about specifying Amazon S3 static website endpoints, see Website endpoints in the Amazon Simple Storage Service Developer Guide. When you specify the bucket name in this format as your origin, you can use Amazon S3 redirects and Amazon S3 custom error documents. For more information about Amazon S3 features, see the Amazon S3 documentation.

Using an Amazon S3 bucket as your CloudFront origin server doesn't change it in any way. You can still use it as you normally would and you incur regular Amazon S3 charges. Amazon CloudFront can be used to cache the files in edge locations around the world and this will improve the performance of the webpages.

To serve a static website hosted on Amazon S3, you can deploy a CloudFront distribution using one of these configurations:

- Using a REST API endpoint as the origin with access restricted by an origin access identity (OAI)
- Using a website endpoint as the origin with anonymous (public) access allowed
- Using a website endpoint as the origin with access restricted by a Referer header

CORRECT: "Use Amazon CloudFront with the S3 bucket as its origin" is the correct answer.

INCORRECT: "Generate presigned URLs for the files" is incorrect as this is used to restrict access which is not a requirement.

INCORRECT: "Use cross-Region replication to all Regions" is incorrect as this does not provide a mechanism for directing users to the closest copy of the static webpages.

INCORRECT: "Use the geoproximity feature of Amazon Route 53" is incorrect as this does not include a solution for having multiple copies of the data in different geographic locations.

References: How do I use CloudFront to serve a static website hosted on Amazon S3?

CloudFront Question 18/52


A company hosts a training site on a fleet of Amazon EC2 instances. The company anticipates that its new course, which consists of dozens of training videos on the site, will be extremely popular when it is released in 1 week.

What should a solutions architect do to minimize the anticipated server load?

C. Store the videos in an Amazon S3 bucket. Create an Amazon CloudFront distribution with an origin access identity (OAI) of that S3 bucket. Restrict Amazon S3 access to the OAI.

CloudFront Question 19/52


A company is running its application in a single region on Amazon EC2 with Amazon Elastic Block Store (Amazon EBS) and S3 as part of the storage design.

What should be done to reduce data transfer costs?

C. Create an Amazon CloudFront distribution with Amazon S3 as the origin

CloudFront Question 20/52


A company runs a multi–tier web application that hosts news content. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones and use an Amazon Aurora database. A solutions architect needs to make the application more resilient to periodic increases in request rates.

Which architecture should the solutions architect implement? (Choose two.)

B. Add Aurora Replica.
E. Add an Amazon CloudFront distribution in front of the Application Load Balancer.
AWS Global Accelerator: Acceleration for latency-sensitive applications. Many applications, especially in areas such as gaming, media, mobile apps, and financials, require very low latency for a great user experience. To improve the user experience, Global Accelerator directs user traffic to the application endpoint that is nearest to the client, which reduces internet latency and jitter. Global Accelerator routes traffic to the closest edge location by using Anycast, and then routes it to the closest regional endpoint over the AWS global network. Global Accelerator quickly reacts to changes in network performance to improve your users' application performance.

Amazon CloudFront: Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.

The architecture is already highly resilient but may be subject to performance degradation if there are sudden increases in request rates. To resolve this situation Amazon Aurora Read Replicas can be used to serve read traffic which offloads requests from the main database. On the frontend an Amazon CloudFront distribution can be placed in front of the ALB and this will cache content for better performance and also offloads requests from the backend.

CORRECT: "Add Amazon Aurora Replicas" is the correct answer.

CORRECT: "Add an Amazon CloudFront distribution in front of the ALB" is the correct answer.

INCORRECT: "Add an Amazon WAF in front of the ALB" is incorrect. A web application firewall protects applications from malicious attacks. It does not improve performance.

INCORRECT: "Add an Amazon Transit Gateway to the Availability Zones" is incorrect as this is used to connect on-premises networks to VPCs.

INCORRECT: "Add an Amazon Global Accelerator endpoint" is incorrect as this service is used for directing users to different instances of the application in different regions based on latency.

References: Amazon Aurora > User Guide for Aurora > Replication with Amazon Aurora; Amazon CloudFront > Developer Guide > What is Amazon CloudFront?

CloudFront Question 21/52


A company serves content to its subscribers across the world using an application running on AWS. The application has several Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB). Due to a recent change in copyright restrictions, the chief information officer (CIO) wants to block access for certain countries.

Which action will meet these requirements?

C. Use Amazon CloudFront to serve the application and deny access to blocked countries.
"block access for certain countries."

You can use geo restriction, also known as geo blocking, to prevent users in specific geographic locations from accessing content that you're distributing through a CloudFront web distribution. When a user requests your content, CloudFront typically serves the requested content regardless of where the user is located. If you need to prevent users in specific countries from accessing your content, you can use the CloudFront geo restriction feature to do one of the following:

- Allow your users to access your content only if they're in one of the countries on a whitelist of approved countries.
- Prevent your users from accessing your content if they're in one of the countries on a blacklist of banned countries.

For example, if a request comes from a country where, for copyright reasons, you are not authorized to distribute your content, you can use CloudFront geo restriction to block the request.

This is the easiest and most effective way to implement a geographic restriction for the delivery of content.

CORRECT: "Use Amazon CloudFront to serve the application and deny access to blocked countries" is the correct answer.

INCORRECT: "Use a Network ACL to block the IP address ranges associated with the specific countries" is incorrect as this would be extremely difficult to manage.

INCORRECT: "Modify the ALB security group to deny incoming traffic from blocked countries" is incorrect as security groups cannot block traffic by country.

INCORRECT: "Modify the security group for EC2 instances to deny incoming traffic from blocked countries" is incorrect as security groups cannot block traffic by country.

References: Amazon CloudFront > Developer Guide > Restricting the geographic distribution of your content

CloudFront Question 22/52


A company's dynamic website is hosted using on–premises servers in the United States. The company is launching its product in Europe, and it wants to optimize site loading times for new European users. The site's backend must remain in the United States. The product is being launched in a few days, and an immediate solution is needed.

What should the solutions architect recommend?

C. Use Amazon CloudFront with a custom origin pointing to the on-premises servers.

CloudFront Question 23/52


A solutions architect must design a solution that uses Amazon CloudFront with an Amazon S3 origin to store a static website. The company's security policy requires that all website traffic be inspected by AWS WAF.

How should the solutions architect comply with these requirements?

D. Configure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucket. Enable AWS WAF on the distribution.

CloudFront Question 24/52


A company is hosting an election reporting website on AWS for users around the world. The website uses Amazon EC2 instances for the web and application tiers in an Auto Scaling group with Application Load Balancers. The database tier uses an Amazon RDS for MySQL database. The website is updated with election results once an hour and has historically observed hundreds of users accessing the reports.

The company is expecting a significant increase in demand because of upcoming elections in different countries. A solutions architect must improve the website's ability to handle additional demand while minimizing the need for additional EC2 instances.

Which solution will meet these requirements?

B. Launch an Amazon CloudFront web distribution to cache commonly requested website content.

CloudFront Question 25/52


A company wants to improve the availability and performance of its stateless UDP–based workload. The workload is deployed on Amazon EC2 instances in multiple AWS Regions.

What should a solutions architect recommend to accomplish this?

D. Place the EC2 instances behind Application Load Balancers (ALBs) in each Region. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the ALBs.

CloudFront Question 26/52


A company hosts a static website on–premises and wants to migrate the website to AWS. The website should load as quickly as possible for users around the world. The company also wants the most cost–effective solution.

What should a solutions architect do to accomplish this?

B. Copy the website content to an Amazon S3 bucket. Configure the bucket to serve static webpage content. Configure Amazon CloudFront with the S3 bucket as the origin.
What Is Amazon CloudFront?

Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

Using Amazon S3 Buckets for Your Origin

When you use Amazon S3 as an origin for your distribution, you place any objects that you want CloudFront to deliver in an Amazon S3 bucket. You can use any method that is supported by Amazon S3 to get your objects into Amazon S3, for example, the Amazon S3 console or API, or a third-party tool. You can create a hierarchy in your bucket to store the objects, just as you would with any other Amazon S3 bucket. Using an existing Amazon S3 bucket as your CloudFront origin server doesn't change the bucket in any way; you can still use it as you normally would to store and access Amazon S3 objects at the standard Amazon S3 price. You incur regular Amazon S3 charges for storing the objects in the bucket.

The most cost-effective option is to migrate the website to an Amazon S3 bucket and configure that bucket for static website hosting. To enable good performance for global users the solutions architect should then configure a CloudFront distribution with the S3 bucket as the origin. This will cache the static content around the world closer to users.

CORRECT: "Copy the website content to an Amazon S3 bucket. Configure the bucket to serve static webpage content. Configure Amazon CloudFront with the S3 bucket as the origin" is the correct answer.

INCORRECT: "Copy the website content to an Amazon S3 bucket. Configure the bucket to serve static webpage content. Replicate the S3 bucket to multiple AWS Regions" is incorrect as there is no solution here for directing users to the closest region. This could be a more cost-effective (though less elegant) solution if AWS Route 53 latency records are created.

INCORRECT: "Copy the website content to an Amazon EC2 instance. Configure Amazon Route 53 geolocation routing policies to select the closest origin" is incorrect as using Amazon EC2 instances is less cost-effective compared to hosting the website on S3. Also, geolocation routing does not achieve anything with only a single record.

INCORRECT: "Copy the website content to multiple Amazon EC2 instances in multiple AWS Regions. Configure AWS Route 53 geolocation routing policies to select the closest region" is incorrect as using Amazon EC2 instances is less cost-effective compared to hosting the website on S3.

References: How do I use CloudFront to serve a static website hosted on Amazon S3?

CloudFront Question 27/52


A company serves a multilingual website from a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). This architecture is currently running in the us-west-1 Region but is exhibiting high request latency for users located in other parts of the world.

The website needs to serve requests quickly and efficiently regardless of a user's location. However, the company does not want to recreate the existing architecture across multiple Regions.

How should a solutions architect accomplish this?

B. Configure an Amazon CloudFront distribution with the ALB as the origin. Set the cache behavior settings to only cache based on the Accept-Language request header.

CloudFront Question 28/52


A solutions architect needs to design a low–latency solution for a static single–page application accessed by users utilizing a custom domain name. The solution must be serverless, encrypted in transit, and cost–effective.

Which combination of AWS services and features should the solutions architect use? (Choose two.)

A. Amazon S3
D. Amazon CloudFront

CloudFront Question 29/52


A solutions architect is designing a solution to access a catalog of images and provide users with the ability to submit requests to customize images. Image customization parameters will be in any request sent to an AWS API Gateway API. The customized image will be generated on demand, and users will receive a link they can click to view or download their customized image. The solution must be highly available for viewing and customizing images.

What is the MOST cost–effective solution to meet these requirements?

B. Use AWS Lambda to manipulate the original image to the requested customization. Store the original and manipulated images in Amazon S3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.
AWS Lambda is a compute service that lets you run code without provisioning or managing servers. AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second. You pay only for the compute time you consume – there is no charge when your code is not running. With AWS Lambda, you can run code for virtually any type of application or backend service – all with zero administration. AWS Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring, and logging. All you need to do is supply your code in one of the languages that AWS Lambda supports.

Storing your static content with S3 provides a lot of advantages. But to help optimize your application's performance and security while effectively managing cost, we recommend that you also set up Amazon CloudFront to work with your S3 bucket to serve and protect the content. CloudFront is a content delivery network (CDN) service that delivers static and dynamic web content, video streams, and APIs around the world, securely and at scale. By design, delivering data out of CloudFront can be more cost effective than delivering it from S3 directly to your users.

CloudFront serves content through a worldwide network of data centers called Edge Locations. Using edge servers to cache and serve content improves performance by providing content closer to where viewers are located. CloudFront has edge servers in locations all around the world.

All solutions presented are highly available. The key requirement that must be satisfied is that the solution should be cost-effective and you must choose the most cost-effective option. Therefore, it's best to eliminate services such as Amazon EC2 and ELB as these require ongoing costs even when they're not used. Instead, a fully serverless solution should be used. AWS Lambda, Amazon S3 and CloudFront are the best services to use for these requirements.

CORRECT: "Use AWS Lambda to manipulate the original images to the requested customization. Store the original and manipulated images in Amazon S3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin" is the correct answer.

INCORRECT: "Use Amazon EC2 instances to manipulate the original images into the requested customization. Store the original and manipulated images in Amazon S3. Configure an Elastic Load Balancer in front of the EC2 instances" is incorrect. This is not the most cost-effective option as the ELB and EC2 instances will incur costs even when not used.

INCORRECT: "Use AWS Lambda to manipulate the original images to the requested customization. Store the original images in Amazon S3 and the manipulated images in Amazon DynamoDB. Configure an Elastic Load Balancer in front of the Amazon EC2 instances" is incorrect. This is not the most cost-effective option as the ELB will incur costs even when not used. Also, Amazon DynamoDB will incur RCU/WCUs when running and is not the best choice for storing images.

INCORRECT: "Use Amazon EC2 instances to manipulate the original images into the requested customization. Store the original images in Amazon S3 and the manipulated images in Amazon DynamoDB. Configure an Amazon CloudFront distribution with the S3 bucket as the origin" is incorrect. This is not the most cost-effective option as the EC2 instances will incur costs even when not used.

References: Serverless on AWS

CloudFront Question 30/52


A company runs a static website through its on–premises data center. The company has multiple servers that handle all of its traffic, but on busy days, services are interrupted and the website becomes unavailable.

The company wants to expand its presence globally and plans to triple its website traffic.

What should a solutions architect recommend to meet these requirements?


D. Use Amazon Route 53 to distribute the loads across multiple Amazon CloudFront distributions for each AWS Region that exists globally.

CloudFront Question 31/52


A media company stores video content in an Amazon Elastic Block Store (Amazon EBS) volume. A certain video file has become popular and a large number of users across the world are accessing this content.

This has resulted in a cost increase.

Which action will DECREASE cost without compromising user accessibility?


B. Store the video in an Amazon S3 bucket and create an Amazon CloudFront distribution.

CloudFront Question 32/52


A company is hosting its static website in an Amazon S3 bucket, which is the origin for Amazon CloudFront.

The company has users in the United States, Canada, and Europe and wants to reduce costs.

What should a solutions architect recommend?


C. Modify the CloudFront price class to include only the locations of the countries that are served.

CloudFront Question 33/52


A company is designing a website that uses an Amazon S3 bucket to store static images. The company wants all future requests to have faster response times while reducing both latency and cost.

Which service configuration should a solutions architect recommend?


B. Deploy Amazon CloudFront in front of Amazon S3.

CloudFront Question 34/52


A company is using Amazon Route 53 latency–based routing to route requests to its UDP–based application for users around the world. The application is hosted on redundant servers in the company's on–premises data centers in the United States, Asia, and Europe. The company's compliance requirements state that the application must be hosted on–premises. The company wants to improve the performance and availability of the application.

What should a solutions architect do to meet these requirements?


C. Configure three Network Load Balancers (NLBs) in the three AWS Regions to address the on-premises endpoints. In Route 53, create a latency-based record that points to the three NLBs, and use it as an origin for an Amazon CloudFront distribution. Provide access to the application by using a CNAME that points to the CloudFront DNS.

CloudFront Question 35/52


A company wants to run a static website served through Amazon CloudFront.

What is an advantage of storing the website content in an Amazon S3 bucket instead of an Amazon Elastic Block Store (Amazon EBS) volume?


B. S3 is an origin for CloudFront. EBS volumes would need EC2 instances behind an Elastic Load Balancing load balancer to be an origin

CloudFront Question 36/52


A company's website provides users with downloadable historical performance reports. The website needs a solution that will scale to meet the company's website demands globally. The solution should be cost effective, limit the provisioning of infrastructure, and provide the fastest possible response time.

Which combination should a solutions architect recommend to meet these requirements?


A. Amazon CloudFront and Amazon S3

CloudFront Question 37/52


A company recently launched its website to serve content to its global user base. The company wants to store and accelerate the delivery of static content to its users by leveraging Amazon CloudFront with an Amazon EC2 instance attached as its origin.

How should a solutions architect optimize high availability for the application?


A. Use Lambda@Edge for CloudFront.

CloudFront Question 38/52


A Solutions Architect must design a web application that will be hosted on AWS, allowing users to purchase access to premium, shared content that is stored in an S3 bucket. Upon payment, content will be available for download for 14 days before the user is denied access.

Which of the following would be the LEAST complicated implementation?


C. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL.

CloudFront Question 39/52


A company is running a two–tier eCommerce website using services. The current architecture uses a public-facing Elastic Load Balancer that sends traffic to Amazon EC2 instances in a private subnet. The static content is hosted on EC2 instances, and the dynamic content is retrieved from a MySQL database. The application is running in the United States. The company recently started selling to users in Europe and Australia. A solutions architect needs to design a solution so their international users have an improved browsing experience.

Which solution is MOST cost–effective?


B. Use Amazon CloudFront and Amazon S3 to host static images.

CloudFront Question 40/52


A company hosts its product information webpages on AWS. The existing solution uses multiple Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group. The website also uses a custom DNS name and communicates with HTTPS only using a dedicated SSL certificate. The company is planning a new product launch and wants to be sure that users from around the world have the best possible experience on the new website.

What should a solutions architect do to meet these requirements?


A. Redesign the application to use Amazon CloudFront.
What Is Amazon CloudFront?
Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance. If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately. If the content is not in that edge location, CloudFront retrieves it from an origin that you've defined – such as an Amazon S3 bucket, a MediaPackage channel, or an HTTP server (for example, a web server) that you have identified as the source for the definitive version of your content.
As an example, suppose that you're serving an image from a traditional web server, not from CloudFront. For example, you might serve an image, sunsetphoto.png, using the URL http://example.com/sunsetphoto.png. Your users can easily navigate to this URL and see the image. But they probably don't know that their request was routed from one network to another – through the complex collection of interconnected networks that comprise the internet – until the image was found.
CloudFront speeds up the distribution of your content by routing each user request through the AWS backbone network to the edge location that can best serve your content. Typically, this is a CloudFront edge server that provides the fastest delivery to the viewer. Using the AWS network dramatically reduces the number of networks that your users' requests must pass through, which improves performance. Users get lower latency – the time it takes to load the first byte of the file – and higher data transfer rates. You also get increased reliability and availability because copies of your files (also known as objects) are now held (or cached) in multiple edge locations around the world.

CloudFront Question 41/52


A company runs an online media site, hosted on–premises. An employee posted a product review that contained videos and pictures. The review went viral and the company needs to handle the resulting spike in website traffic.

What action would provide an immediate solution?


C. Serve the images and videos using an Amazon CloudFront distribution created using the news site as the origin

CloudFront Question 42/52


A solutions architect is optimizing a website for an upcoming musical event. Videos of the performances will be streamed in real time and then will be available on demand. The event is expected to attract a global online audience.

Which service will improve the performance of both the real–time and on–demand streaming?


A. Amazon CloudFront

CloudFront Question 43/52


A company hosts more than 300 global websites and applications. The company requires a platform to analyze more than 30 TB of clickstream data each day. What should a solutions architect do to transmit and process the clickstream data?


C. Cache the data to Amazon CloudFront. Store the data in an Amazon S3 bucket. When an object is added to the S3 bucket, run an AWS Lambda function to process the data for analysis.

CloudFront Question 44/52


A company hosts historical weather records in Amazon S3. The records are downloaded from the company's website by way of a URL that resolves to a domain name. Users all over the world access this content through subscriptions. A third–party provider hosts the company's root domain name, but the company recently migrated some of its services to Amazon Route 53. The company wants to consolidate contracts, reduce latency for users, and reduce costs related to serving the application to subscribers.

Which solution meets these requirements?


B. Create a web distribution on Amazon CloudFront to serve the S3 content for the application. Create an ALIAS record in the Amazon Route 53 hosted zone that points to the CloudFront distribution, resolving to the application's URL domain name.

CloudFront Question 45/52


A solutions architect is moving the static content from a public website hosted on Amazon EC2 instances to an Amazon S3 bucket. An Amazon CloudFront distribution will be used to deliver the static assets. The security group used by the EC2 instances restricts access to a limited set of IP ranges. Access to the static content should be similarly restricted.

Which combination of steps will meet these requirements? (Choose two.)


A. Create an origin access identity (OAI) and associate it with the distribution. Change the permissions in the bucket policy so that only the OAI can read the objects.
B. Create an AWS WAF web ACL that includes the same IP restrictions that exist in the EC2 security group. Associate this new web ACL with the CloudFront distribution.

CloudFront Question 46/52


A company's website runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The website has a mix of dynamic and static content. Users around the globe are reporting that the website is slow.

Which set of actions will improve website performance for users worldwide?


A. Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53 record to point to the CloudFront distribution.
What Is Amazon CloudFront?
Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.
Routing Traffic to an Amazon CloudFront web distribution by using your domain name.
If you want to speed up delivery of your web content, you can use Amazon CloudFront, the AWS content delivery network (CDN). CloudFront can deliver your entire website – including dynamic, static, streaming, and interactive content – by using a global network of edge locations. Requests for your content are automatically routed to the edge location that gives your users the lowest latency.
To use CloudFront to distribute your content, you create a web distribution and specify settings such as the Amazon S3 bucket or HTTP server that you want CloudFront to get your content from, whether you want only selected users to have access to your content, and whether you want to require users to use HTTPS. When you create a web distribution, CloudFront assigns a domain name to the distribution, such as d111111abcdef8.cloudfront.net. You can use this domain name in the URLs for your content, for example: http://d111111abcdef8.cloudfront.net/logo.jpg
Alternatively, you might prefer to use your own domain name in URLs, for example: http://example.com/logo.jpg
If you want to use your own domain name, use Amazon Route 53 to create an alias record that points to your CloudFront distribution. An alias record is a Route 53 extension to DNS. It's similar to a CNAME record, but you can create an alias record both for the root domain, such as example.com, and for subdomains, such as www.example.com. (You can create CNAME records only for subdomains.) When Route 53 receives a DNS query that matches the name and type of an alias record, Route 53 responds with the domain name that is associated with your distribution.
Amazon CloudFront is a content delivery network (CDN) that improves website performance by caching content at edge locations around the world. It can serve both dynamic and static content. This is the best solution for improving the performance of the website.
CORRECT: "Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53 record to point to the CloudFront distribution" is the correct answer.
INCORRECT: "Create a latency-based Amazon Route 53 record for the ALB. Then launch new EC2 instances with larger instance sizes and register the instances with the ALB" is incorrect. Latency routing routes based on the latency between the client and AWS. There is no mention in the answer about creating the new instances in another region therefore the only advantage is in using larger instance sizes. For a dynamic site this adds complexity in keeping the instances in sync.
INCORRECT: "Launch new EC2 instances hosting the same web application in different Regions closer to the users. Use an AWS Transit Gateway to connect customers to the closest region" is incorrect as Transit Gateway is a service for connecting on-premises networks and VPCs to a single gateway.
INCORRECT: "Migrate the website to an Amazon S3 bucket in the Regions closest to the users. Then create an Amazon Route 53 geolocation record to point to the S3 buckets" is incorrect as with S3 you can only host static websites, not dynamic websites.
References: Amazon CloudFront Dynamic Content Delivery

CloudFront Question 47/52


A media company stores video content in an Amazon Elastic Block Store (Amazon EBS) volume. A certain video file has become popular and a large number of users across the world are accessing this content.

This has resulted in a cost increase.

Which action will DECREASE cost without compromising user accessibility?


B. Store the video in an Amazon S3 bucket and create an Amazon CloudFront distribution.

CloudFront Question 48/52


Organizers for a global event want to put daily reports online as static HTML pages. The pages are expected to generate millions of views from users around the world. The files are stored in an Amazon S3 bucket. A solutions architect has been asked to design an efficient and effective solution.

Which action should the solutions architect take to accomplish this?


D. Use Amazon CloudFront with the S3 bucket as its origin.

CloudFront Question 49/52


In Amazon AWS, which of the following statements is true of key pairs?


B. Key pairs are used only for Amazon EC2 and Amazon CloudFront.
Key pairs consist of a public and private key, where you use the private key to create a digital signature, and then AWS uses the corresponding public key to validate the signature. Key pairs are used only for Amazon EC2 and Amazon CloudFront. References: AWS General Reference > Reference guide > Understanding and getting your AWS credentials

CloudFront Question 50/52


A company's dynamic website is hosted using on–premises servers in the United States. The company is launching its product in Europe and it wants to optimize site loading times for new European users. The site's backend must remain in the United States.

The product is being launched in a few days, and an immediate solution is needed.

What should the solutions architect recommend?


C. Use Amazon CloudFront with a custom origin pointing to the on-premises servers

CloudFront Question 51/52


A Solutions Architect must design a web application that will be hosted on AWS, allowing users to purchase access to premium, shared content that is stored in an S3 bucket. Upon payment, content will be available for download for 14 days before the user is denied access.

Which of the following would be the LEAST complicated implementation?


C. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL.

CloudFront Question 52/52


A company is building an online multiplayer game. The game communicates by using UDP, and low latency between the client and the backend is important. The backend is hosted on Amazon EC2 instances that can be deployed to multiple AWS Regions to meet demand. The company needs the game to be highly available so that users around the world can access the game at all times.

What should a solutions architect do to meet these requirements?


C. Deploy Amazon CloudFront to support an origin access identity (OAI). Associate the OAI with EC2 instances in each Region to support global traffic.

VPC

- 43 Questions

VPC Question 1/43


A company has an application hosted on Amazon EC2 instances in two VPCs across different AWS Regions. To communicate with each other, the instances use the internet for connectivity. The security team wants to ensure that no communication between the instances happens over the internet.

What should a solutions architect do to accomplish this?


D. Create a VPC peering connection and update the route table of the EC2 instances' subnet.

VPC Question 2/43


A company wants to improve the availability of an existing firewall.

To meet the compliance requirements of the applications hosted in the VPC.

The company's security team is using a proprietary firewall running on Amazon EC2 instances. All internet traffic flows through the primary firewall.

When the primary firewall goes down, the team manually changes the VPC route table so that it uses a secondary firewall running in a different Availability Zone.

Which strategies should a solutions architect use to improve the availability of the firewall? (Select TWO.)


D. Deploy a scheduled AWS Lambda function in the VPC to monitor the primary firewall and change the route table to use the secondary firewall in case of failure.
E. Monitor the firewall instance health in Amazon EventBridge (Amazon CloudWatch Events). Trigger an event rule to restart the primary firewall upon a detected failure.

VPC Question 3/43



Which solution will meet these requirements?


B. Increase the size of the EC2 NAT instance in the VPC to a network optimized instance type

VPC Question 4/43


A solutions architect is designing a VPC with public and private subnets. The VPC and subnets use IPv4 CIDR blocks. There is one public subnet and one private subnet in each of three Availability Zones (AZs) for high availability. An internet gateway is used to provide internet access for the public subnets. The private subnets require access to the internet to allow Amazon EC2 instances to download software updates.

What should the solutions architect do to enable internet access for the private subnets?


B. Create three NAT instances, one for each private subnet in each AZ. Create a private route table for each AZ that forwards non-VPC traffic to the NAT instance in its AZ.

VPC Question 5/43


A medical records company is hosting an application on Amazon EC2 instances. The application processes customer data files that are stored on Amazon S3. The EC2 instances are hosted in public subnets. The EC2 instances access Amazon S3 over the internet, but they do not require any other network access.

A new requirement mandates that the network traffic for file transfers take a private route and not be sent over the internet.

Which change to the network architecture should a solutions architect recommend to meet this requirement?


C. Move the EC2 instances to private subnets. Create a VPC endpoint for Amazon S3, and link the endpoint to the route table for the private subnets

VPC Question 6/43


A company is using a VPC peering strategy to connect its VPCs in a single Region to allow for cross-communication. A recent increase in account creations and VPCs has made it difficult to maintain the VPC peering strategy, and the company expects to grow to hundreds of VPCs.

There are also new requests to create site–to–site VPNs with some of the VPCs. A solutions architect has been tasked with creating a centrally managed networking setup for multiple accounts, VPCs, and VPNs.

Which networking solution meets these requirements?


D. Configure a transit gateway with AWS Transit Gateway and connect all VPCs and VPNs.

VPC Question 7/43



What should a solutions architect recommend for maximum performance?


D. Use AWS PrivateLink to create an interface VPC endpoint for Kinesis Data Firehose in the VP

VPC Question 8/43


A company's website hosted on Amazon EC2 instances processes classified data stored in Amazon S3. Due to security concerns, the company requires a private and secure connection between its EC2 resources and Amazon S3.

Which solution meets these requirements?


A. Set up S3 bucket policies to allow access from a VPC endpoint.
References: Amazon Simple Storage Service > User Guide > Controlling access from VPC endpoints with bucket policies

VPC Question 9/43


After setting up a Virtual Private Cloud (VPC) network, a more experienced cloud engineer suggests that to achieve low network latency and high network throughput you should look into setting up a placement group. You know nothing about this, but begin to do some research about it and are especially curious about its limitations.

Which of the below statements is wrong in describing the limitations of a placement group?


D. A placement group can span peered VPCs
A placement group is a logical grouping of instances within a single Availability Zone. Using placement groups enables applications to participate in a low-latency, 10 Gbps network. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking.
Placement groups have the following limitations:
- The name you specify for a placement group must be unique within your AWS account.
- A placement group can't span multiple Availability Zones.
- Although launching multiple instance types into a placement group is possible, this reduces the likelihood that the required capacity will be available for your launch to succeed. We recommend using the same instance type for all instances in a placement group.
- You can't merge placement groups. Instead, you must terminate the instances in one placement group, and then relaunch those instances into the other placement group.
- A placement group can span peered VPCs; however, you will not get full-bisection bandwidth between instances in peered VPCs. For more information about VPC peering connections, see VPC Peering in the Amazon VPC User Guide.
- You can't move an existing instance into a placement group. You can create an AMI from your existing instance, and then launch a new instance from the AMI into a placement group.
References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Placement groups

VPC Question 10/43


A company runs its two–tier eCommerce website on AWS. The web tier consists of a load balancer that sends traffic to Amazon EC2 instances. The database tier uses an Amazon RDS DB instance. The EC2 instances and the RDS DB instance should not be exposed to the public internet. The EC2 instances require internet access to complete payment processing of orders through a third–party web service. The application must be highly available.

Which combination of configuration options will meet these requirements? (Choose two.)


A. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets.
B. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets.

VPC Question 11/43


A company is using a VPC peering strategy to connect its VPCs in a single Region to allow for cross communication.

A recent increase in account creations and VPCs has made it difficult to maintain the VPC peering strategy, and the company expects to grow to hundreds of VPCs. There are also new requests to create site–to–site VPNs with some of the VPCs. A solutions architect has been tasked with creating a centrally managed networking setup for multiple accounts, VPCs, and VPNs.

Which networking solution meets these requirements?


D. Configure a transit gateway with AWS Transit Gateway and connect all VPCs and VPNs.

VPC Question 12/43


A company has three AWS accounts: Management, Development, and Production. These accounts use AWS services only in the us–east–1 Region. All accounts have a VPC with VPC Flow Logs configured to publish data to an Amazon S3 bucket in each separate account. For compliance reasons, the company needs an ongoing method to aggregate all the VPC flow logs across all accounts into one destination S3 bucket in the Management account.

What should a solutions architect do to meet these requirements with the LEAST operational overhead?


A. Add S3 Same-Region Replication rules in each S3 bucket that stores VPC flow logs to replicate objects to the destination S3 bucket. Configure the destination S3 bucket to allow objects to be received from the S3 buckets in other accounts.

VPC Question 13/43


A company runs an application in the AWS Cloud and uses Amazon DynamoDB as the database. The company deploys Amazon EC2 instances to a private network to process data from the database.


A solutions architect must implement a solution that provides connectivity to DynamoDB and that does not require ongoing management.

What is the MOST cost–effective solution that meets these requirements?


A. Create a gateway VPC endpoint to provide connectivity to DynamoDB

VPC Question 14/43


A company's application hosted on Amazon EC2 instances needs to access an Amazon S3 bucket. Due to data sensitivity, traffic cannot traverse the internet.

How should a solutions architect configure access?


B. Configure a VPC gateway endpoint for Amazon S3 in the VPC.

VPC Question 15/43


A company has two VPCs that are located in the us–west–2 Region within the same AWS account. The company needs to allow network traffic between these VPCs. Approximately 500 GB of data transfer will occur between the VPCs each month.

What is the MOST cost–effective solution to connect these VPCs?


C. Set up a VPC peering connection between the VPCs. Update the route tables of each VPC to use the VPC peering connection for inter-VPC communication.

VPC Question 16/43


A company wants to create an application that will transmit protected health information (PHI) to thousands of service consumers in different AWS accounts.

The application servers will sit in private VPC subnets. The routing for the application must be fault tolerant.

What should be done to meet these requirements?


A. Create a VPC endpoint service and grant permissions to specific service consumers to create a connection

VPC Question 17/43


A company wants to use an AWS Region as a disaster recovery location for its on–premises infrastructure.

The company has 10 TB of existing data, and the on–premise data center has a 1 Gbps internet connection.

A solutions architect must find a solution so the company can have its existing data on AWS in 72 hours without transmitting it using an unencrypted channel.

Which solution should the solutions architect select?


C. Establish a VPN connection between Amazon VPC and the company's data center.

VPC Question 18/43



Which solution meets these requirements?


C. Replace the NAT gateway with a gateway VPC endpoint.

VPC Question 19/43


A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees' devices.

The files are stored in an on–premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.

Which solution will meet these requirements?

C. Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download.

VPC Question 20/43



Which solution will meet these requirements?

A. Set up a VPC peering connection between VPC-A and VPC-B.
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The traffic remains in the private IP space. All inter-region traffic is encrypted with no single point of failure, or bandwidth bottleneck. References: Amazon Virtual Private Cloud > VPC Peering > What is VPC peering?

VPC Question 21/43


A company needs to connect several VPCs in the us–east Region that span hundreds of AWS accounts.

The company's networking team has its own AWS account to manage the cloud network.

What is the MOST operationally efficient solution to connect the VPCs?

C. Create an AWS Transit Gateway in the networking team's AWS account. Configure static routes from each VPC.

VPC Question 22/43


An application is running on Amazon EC2 instances. Sensitive information required for the application is stored in an Amazon S3 bucket. The bucket needs to be protected from internet access while only allowing services within the VPC access to the bucket.

Which combination of actions should a solutions architect take to accomplish this? (Choose two.)

A. Create a VPC endpoint for Amazon S3.
C. Apply a bucket policy to restrict access to the S3 endpoint.
An ACL is a property at the object level, not at the bucket level. Also, just adding an ACL can't give the services in the VPC access to the bucket.

VPC Question 23/43


A company fails an AWS security review conducted by a third party.

The review finds that some of the company's methods to access the Amazon EMR API are not secure.

Developers are using AWS Cloud9, and access keys are connecting to the Amazon EMR API through the public internet.

Which combination of steps should the company take to MOST improve its security? (Select TWO)

B. Set up VPC endpoints to connect to the Amazon EMR API
D. Set up IAM roles to be used to connect to the Amazon EMR API

VPC Question 24/43


A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees' devices.

The files are stored in an on–premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.

Which solution will meet these requirements?

D. Migrate the files to Amazon S3, and create a public VPC endpoint. Allow employees to sign on with AWS Single Sign-On.

VPC Question 25/43


A company has several Amazon EC2 instances set up in a private subnet for security reasons. These instances host applications that read and write large amounts of data to and from Amazon S3 regularly.

Currently, subnet routing directs all the traffic destined for the internet through a NAT gateway. The company wants to optimize the overall cost without impacting the ability of the application to communicate with Amazon S3 or the outside internet.

What should a solutions architect do to optimize costs?

C. Create a VPC endpoint for Amazon S3. Attach an endpoint policy to the endpoint. Update the route table to direct traffic to the VPC endpoint.

VPC Question 26/43


A company wants to use an AWS Region as a disaster recovery location for its on–premises infrastructure. The company has 10 TB of existing data, and the on–premise data center has a 1 Gbps internet connection. A solutions architect must find a solution so the company can have its existing data on AWS in 72 hours without transmitting it using an unencrypted channel.

Which solution should the solutions architect select?

C. Establish a VPN connection between Amazon VPC and the company's data center.
Keyword: AWS Region as DR for On-premises DC (Existing Data = 10TB) + 1G Internet Connection
Condition: 10TB on AWS in 72 Hours + Without Unencrypted Channel
Without Unencrypted Channel = VPN
FTP = Unencrypted Channel
Option A: Out of the race, since this is an unencrypted channel and does not match the condition.
Option B: Out of the race due to the timebound target; ordering and delivering an AWS Snowball device will take time.
Option C: Wins the race; using the existing 1G Internet link we can transfer this 10TB of data within 24Hrs using an encrypted channel.
Option D: Out of the race due to the timebound target; ordering and delivering AWS Direct Connect will take time.

VPC Question 27/43


A business application is hosted on Amazon EC2 and uses Amazon S3 for encrypted object storage. The chief information security officer has directed that no application traffic between the two services should traverse the public internet.

Which capability should the solutions architect use to meet the compliance requirements?

A. AWS Key Management Service (AWS KMS) References: Amazon VPC FAQs

VPC Question 28/43


A company wants to use an AWS Region as a disaster recovery location for its on–premises infrastructure. The company has 10 TB of existing data, and the on–premise data center has a 1 Gbps internet connection. A solutions architect must find a solution so the company can have its existing data on AWS in 72 hours without transmitting it using an unencrypted channel.

Which solution should the solutions architect select?

C. Establish a VPN connection between Amazon VPC and the company's data center.
Keyword: AWS Region as DR for On-premises DC (Existing Data = 10TB) + 1G Internet Connection
Condition: 10TB on AWS in 72 Hours + Without Unencrypted Channel
Without Unencrypted Channel = VPN
FTP = Unencrypted Channel
Option A: Out of the race, since this is an unencrypted channel and does not match the condition.
Option B: Out of the race due to the timebound target; ordering and delivering an AWS Snowball device will take time.
Option C: Wins the race; using the existing 1G Internet link we can transfer this 10TB of data within 24Hrs using an encrypted channel.
Option D: Out of the race due to the timebound target; ordering and delivering AWS Direct Connect will take time.
References: AWS Snowball > User Guide > Shipping an AWS Snowball device; AWS Direct Connect; Amazon VPC

VPC Question 29/43



Which scenario could be causing this issue? (Select TWO)

C. The route to the S3 endpoint is not configured in the route table
E. The S3 bucket has a bucket policy that does not allow access to the CIDR of the VPC

VPC Question 30/43


A company is planning to migrate a mission–critical three–tier web application from on–premises to the AWS Cloud.

The backend database is shared with other on–premises systems and will remain in the on–premises data center.

The application tier requires quick and predictable response times between the presentation tier and the database. Encryption is required for data in transit between client web browsers and the VPC, and between the on–premises data center and the VPC.

Which solution meets these requirements?

D. Use SSL/TLS for the web traffic encryption. Use VPN tunnels over an AWS Direct Connect connection for the data transfer between the VPC and the on-premises data center.

VPC Question 31/43


A company is designing a new application that runs in a VPC on Amazon EC2 instances. The application stores data in Amazon S3 and uses Amazon DynamoDB as its database. For compliance reasons, the company prohibits all traffic between the EC2 instances and other AWS services from passing over the public internet.

What can a solutions architect do to meet this requirement?

C. Configure a gateway VPC endpoint to Amazon S3. Configure an interface VPC endpoint to DynamoDB.

VPC Question 32/43


An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table.

What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?

A. Use a VPC endpoint for DynamoDB

VPC Question 33/43


A company fails an AWS security review conducted by a third party.

The review finds that some of the company's methods access Amazon EMR through the public internet.

Which combination of steps should the company take to MOST improve its security? (Select TWO.)

A. Set up a VPC peering connection to the Amazon EMR API.
D. Set up IAM roles to be used to connect to the Amazon EMR API.

VPC Question 34/43


A company's web application is running on Amazon EC2 instances behind an Application Load Balancer.

The company recently changed its policy, which now requires the application to be accessed from one specific country only.

Which configuration will meet this requirement?

C. Configure AWS WAF on the Application Load Balancer in a VPC. References: AWS Security Blog > How to use AWS WAF to filter incoming traffic from embargoed countries

VPC Question 35/43


A software vendor is deploying a new software–as–a–service (SaaS) solution that will be utilized by many AWS users. The service is hosted in a VPC behind a Network Load Balancer. The software vendor wants to provide access to this service to users with the least amount of administrative overhead and without exposing the service to the public internet.

What should a solutions architect do to accomplish this goal?

C. Connect the service in the VPC with an AWS PrivateLink endpoint. Have users subscribe to the endpoint.

VPC Question 36/43


A company has a two–tier application architecture that runs in public and private subnets. Amazon EC2 instances running the web application are in the public subnet and a database runs on the private subnet.

The web application instances and the database are running in a single Availability Zone (AZ).

Which combination of steps should a solutions architect take to provide high availability for this architecture? (Choose two.)

B. Create an Amazon EC2 Auto Scaling group and Application Load Balancer spanning multiple AZs.
E. Create new public and private subnets in the same VPC, each in a new AZ. Migrate the database to an Amazon RDS multi-AZ deployment.
You would want the EC2 instances to have high availability by placing them in multiple AZs.

VPC Question 37/43


A company is running an application on Amazon EC2 instances hosted in a private subnet of a VPC.

The EC2 instances are configured in an Auto Scaling group behind an Elastic Load Balancer (ELB).

The EC2 instances use a NAT gateway for outbound internet access.

However, the EC2 instances are not able to connect to the public internet to download software updates.

What are the possible root causes of this issue? (Select TWO )

B. The route tables in the VPC are configured incorrectly
E. The outbound rules on the security group attached to the EC2 Instances are configured incorrectly.

VPC Question 38/43


A company has an AWS Direct Connect connection from its corporate data center to its VPC in the us–east–1 Region.

The company recently acquired a corporation that has several VPCs and a Direct Connect connection between its on–premises data center and the eu–west–2 Region.

The CIDR blocks for the VPCs of the company and the corporation do not overlap. The company requires connectivity between two Regions and the data centers.

The company needs a solution that is scalable while reducing operational overhead. What should a solutions architect do to meet these requirements?

D. Connect the existing Direct Connect connection to a Direct Connect gateway. Route traffic from the virtual private gateways of the VPCs in each Region to the Direct Connect gateway.

VPC Question 39/43


A company has deployed an API in a VPC behind an internet–facing Application Load Balancer (ALB). An application that consumes the API as a client is deployed in a second account in private subnets behind a NAT gateway. When requests to the client application increase, the NAT gateway costs are higher than expected. A solutions architect has configured the ALB to be internal.

Which combination of architectural changes will reduce the NAT gateway costs? (Choose two.)

A. Configure a VPC peering connection between the two VPCs. Access the API using the private address.
D. Configure a PrivateLink connection for the API into the client VPC. Access the API using the PrivateLink address.
PrivateLink makes it easy to connect services across different accounts and VPCs to significantly simplify the network architecture. There is no API listed in shareable resources for RAM. References: AWS Resource Access Manager > User Guide > Shareable AWS resources

VPC Question 40/43


A company has three VPCs named Development, Testing, and Production in the us–east–1 Region. The three VPCs need to be connected to an on–premises data center and are designed to be separate to maintain security and prevent any resource sharing. A solutions architect needs to find a scalable and secure solution.

What should the solutions architect recommend?

B. Create VPC peers from all the VPCs to the Production VPC. Use an AWS Direct Connect connection from the Production VPC back to the data center.

VPC Question 41/43


An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table. What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?

A. Use a VPC endpoint for DynamoDB.
An Interface endpoint uses AWS PrivateLink and is an elastic network interface (ENI) with a private IP address that serves as an entry point for traffic destined to a supported service. Using PrivateLink you can connect your VPC to supported AWS services, services hosted by other AWS accounts (VPC endpoint services), and supported AWS Marketplace partner services. AWS PrivateLink access over Inter-Region VPC Peering: Applications in an AWS VPC can securely access AWS PrivateLink endpoints across AWS Regions using Inter-Region VPC Peering. AWS PrivateLink allows you to privately access services hosted on AWS in a highly available and scalable manner, without using public IPs, and without requiring the traffic to traverse the Internet. Customers can privately connect to a service even if the service endpoint resides in a different AWS Region. Traffic using Inter-Region VPC Peering stays on the global AWS backbone and never traverses the public Internet. A gateway endpoint is a gateway that is a target for a specified route in your route table, used for traffic destined to a supported AWS service. An interface VPC endpoint (interface endpoint) enables you to connect to services powered by AWS PrivateLink. References: Amazon DynamoDB > Developer Guide > What Is Amazon DynamoDB?

VPC Question 42/43


A company that recently started using AWS establishes a Site–to–Site VPN between its on–premises datacenter and AWS. The company's security mandate states that traffic originating from on–premises should stay within the company's private IP space when communicating with an Amazon Elastic Container Service (Amazon ECS) cluster that is hosting a sample web application.

Which solution meets this requirement?

C. Create a Network Load Balancer in one VPC and an AWS PrivateLink endpoint for Amazon ECS in another VPC. Connect the two VPCs by using VPC peering.

VPC Question 43/43


A company has two VPCs named Management and Production. The Management VPC uses VPNs through a customer gateway to connect to a single device in the data center. The Production VPC uses a virtual private gateway with two attached AWS Direct Connect connections. The Management and Production VPCs both use a single VPC peering connection to allow communication between the applications.

What should a solutions architect do to mitigate any single point of failure in this architecture?

A. Add a second virtual private gateway and attach it to the Management VPC.

SQS

- 36 Questions

SQS Question 1/36


A company wants to move a multi–tiered application from on–premises to the AWS Cloud to improve the application's performance. The application consists of application tiers that communicate with each other by way of RESTful services.

Transactions are dropped when one tier becomes overloaded. A solutions architect must design a solution that resolves these issues and modernizes the application.

Which solution meets these requirements and is the MOST operationally efficient?

D. Use Amazon Simple Queue Service (Amazon SQS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group. Use Amazon CloudWatch to monitor the SQS queue length and scale up when communication failures are detected.

SQS Question 2/36


A solutions architect is designing an application for a two–step order process. The first step is synchronous and must return to the user with little latency. The second step takes longer, so it will be implemented in a separate component. Orders must be processed exactly once and in the order in which they are received.

How should the solutions architect integrate these components?

A. Use Amazon SQS FIFO queues.
"Standard queues provide at-least-once delivery, which means that each message is delivered at least once. FIFO queues provide exactly-once processing, which means that each message is delivered once and remains available until a consumer processes it and deletes it. Duplicates are not introduced into the queue." References: Amazon Simple Queue Service > Developer Guide > What is Amazon Simple Queue Service?

SQS Question 3/36


A solutions architect is redesigning a monolithic application to be a loosely coupled application composed of two microservices: Microservice A and Microservice B.

Microservice A places messages in a main Amazon Simple Queue Service (Amazon SQS) queue for Microservice B to consume. When Microservice B fails to process a message after four retries, the message needs to be removed from the queue and stored for further investigation.

What should the solutions architect do to meet these requirements?

B. Create an SQS dead-letter queue. Configure the main SQS queue to deliver messages to the dead letter queue after the message has been received four times.

SQS Question 4/36


A three–tier web application processes orders from customers. The web tier consists of Amazon EC2 instances behind an Application Load Balancer, a middle tier of three EC2 instances decoupled from the web tier using Amazon SQS, and an Amazon DynamoDB backend. At peak times, customers who submit orders using the site have to wait much longer than normal to receive confirmations due to lengthy processing times. A solutions architect needs to reduce these processing times.

Which action will be MOST effective in accomplishing this?

D. Use Amazon EC2 Auto Scaling to scale out the middle tier instances based on the SQS queue depth.

SQS Question 5/36


A company is re–architecting a strongly coupled application to be loosely coupled. Previously, the application used a request/response pattern to communicate between tiers. The company plans to use Amazon Simple Queue Service (Amazon SQS) to achieve decoupling requirements. The initial design contains one queue for requests and one for responses. However, this approach is not processing all the messages as the application scales.

What should a solutions architect do to resolve this issue?

A. Configure a dead-letter queue on the ReceiveMessage API action of the SQS queue.

SQS Question 6/36


A mobile gaming company runs application servers on Amazon EC2 instances. The servers receive updates from players every 15 minutes. The mobile game creates a JSON object of the progress made in the game since the last update, and sends the JSON object to an Application Load Balancer. As the mobile game is played, game updates are being lost. The company wants to create a durable way to get the updates in order.

What should a solutions architect recommend to decouple the system?

C. Use Amazon Simple Queue Service (Amazon SQS) FIFO queues to capture the data and EC2 instances to process the messages in the queue.
SQS Home

SQS Question 7/36


A company wants to build an online marketplace application on AWS as a set of loosely coupled microservices. For this application, when a customer submits a new order, two microservices should handle the event simultaneously. The Email microservice will send a confirmation email, and the order processing microservice will start the order delivery process. If a customer cancels an order, the OrderCancelation and Email microservices should handle the event simultaneously.

A solutions architect wants to use Amazon Simple Queue Service (Amazon SQS) and Amazon Simple Notification Service (Amazon SNS) to design the messaging between the microservices.

How should the solutions architect design the solution?

D. Create two SQS queues and publish order events to both queues simultaneously. One queue is for the Email and OrderProcessing microservices. The second queue is for the Email and Order Cancellation microservices.

SQS Question 8/36


A company is designing a web application using AWS that processes insurance quotes. Users will request quotes from the application. Quotes must be separated by quote type, must be responded to within 24 hours, and must not be lost. The solution should be simple to set up and maintain.

Which solution meets these requirements?

C. Create a single Amazon Simple Notification Service (Amazon SNS) topic and subscribe the Amazon SQS queues to the SNS topic. Configure SNS message filtering to publish messages to the proper SQS queue based on the quote type. Configure each backend application server to work its own SQS queue.
It all depends on where you want to do the quote type classification i.e. in the app and send to a different/multiple SNS topics (B) or use SNS filtering to do the type classification (C). The question doesn't really give you enough info to make a clear choice but configuring SNS filtering is probably less work and easier to maintain than maintaining app code. References: Amazon Simple Notification Service > Developer Guide > Amazon SNS message filtering

SQS Question 9/36


A restaurant reservation application needs to access a waiting list.

When a customer tries to reserve a table, and none are available, the customer application will put the user on the waiting list, and the application will notify the customer when a table becomes free.

The waiting list must preserve the order in which customers were added to the waiting list. Which service should the solutions architect recommend to store this waiting list?

C. A FIFO queue in Amazon Simple Queue Service (Amazon SQS)

SQS Question 10/36


A company is designing a message–driven order processing application on AWS.

The application consists of many services and needs to communicate the results of its processing to multiple consuming services.

Each of the consuming services may take up to 5 days to receive the messages. Which process will meet these requirements?

C. The application sends the results of its processing to an Amazon Simple Queue Service (Amazon SQS) queue. Each consuming service runs as an AWS Lambda function that consumes this single SQS queue.

SQS Question 11/36


A company uses a payment processing system that requires messages for a particular payment ID to be received in the same order that they were sent. Otherwise, the payments might be processed incorrectly.

Which actions should a solutions architect take to meet this requirement? (Select TWO.)

A. Write the messages to an Amazon DynamoDB table with the payment ID as the partition key
E. Write the messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the message group to use the payment ID

SQS Question 12/36


A company has an application that posts messages to Amazon SQS. Another application polls the queue and processes the messages in an I/O–intensive operation. The company has a service level agreement (SLA) that specifies the maximum amount of time that can elapse between receiving the messages and responding to the users. Due to an increase in the number of messages, the company has difficulty meeting its SLA consistently.

What should a solutions architect do to help improve the application's processing time and ensure it can handle the load at any level?

D. Create an Amazon Machine Image (AMI) from the instance used for processing. Create an Auto Scaling group using this image in its launch configuration. Configure the group with a target tracking policy based on the age of the oldest message in the SQS queue.

SQS Question 13/36


A web application must persist order data to Amazon S3 to support near–real–time processing. A solutions architect needs to create an architecture that is both scalable and fault tolerant.

Which solutions meet these requirements? (Select TWO)

A. Write the order event to an Amazon DynamoDB table. Use DynamoDB Streams to trigger an AWS Lambda function that parses the payload and writes the data to Amazon
B. Write the order event to an Amazon Simple Queue Service (Amazon SQS) queue. Use the queue to trigger an AWS Lambda function that parses the payload and writes the data to Amazon S3.

SQS Question 14/36


A development team is collaborating with another company to create an integrated product. The other company needs to access an Amazon Simple Queue Service (Amazon SQS) queue that is contained in the development team's account. The other company wants to poll the queue without giving up its own account permissions to do so.

How should a solutions architect provide access to the SQS queue?

C. Create an SQS access policy that provides the other company access to the SQS queue.

SQS Question 15/36


A web application runs on Amazon EC2 instances behind an Application Load Balancer. The application allows users to create custom reports of historical weather data. Generating a report can take up to 5 minutes. These long–running requests use many of the available incoming connections, making the system unresponsive to other users.

How can a solutions architect make the system more responsive?

A. Use Amazon SQS with AWS Lambda to generate reports.

SQS Question 16/36


A company has an application running as a service in Amazon Elastic Container Service (Amazon ECS) using the Amazon EC2 launch type.

The application code makes AWS API calls to publish messages to Amazon Simple Queue Service (Amazon SQS).

What is the MOST secure method of giving the application permission to publish messages to Amazon SQS?

B. Create a new IAM user with SQS permissions. Then update the task definition to declare the access key ID and secret access key as environment variables.

SQS Question 17/36


A company built a food ordering application that captures user data and stores it for future analysis. The application's static front end is deployed on an Amazon EC2 instance. The front–end application sends the requests to the backend application running on separate EC2 instance. The backend application then stores the data in Amazon RDS.

What should a solutions architect do to decouple the architecture and make it scalable?

D. Use Amazon S3 to serve the static front-end application and send requests to Amazon API Gateway, which writes the requests to an Amazon SQS queue. Place the backend instances in an Auto Scaling group, and scale based on the queue depth to process and store the data in Amazon RDS.
Keyword: Static + Decouple + Scalable
Static = S3; Decouple = SQS Queue; Scalable = ASG
Option B is out of the race because Auto Scaling is unavailable.
Option A is out of the race because decoupling is unavailable.
Options C and D are in the race. Option D is the correct answer because all 3 combinations match [Static = S3; Decouple = SQS Queue; Scalable = ASG], and Option C loses because the static option is unavailable.

SQS Question 18/36


A company has developed a microservices application. It uses a client–facing API with Amazon API Gateway and multiple internal services hosted on Amazon EC2 instances to process user requests. The API is designed to support unpredictable surges in traffic, but internal services may become overwhelmed and unresponsive for a period of time during surges. A solutions architect needs to design a more reliable solution that reduces errors when internal services become unresponsive or unavailable.

Which solution meets these requirements?

D. Use Amazon Simple Queue Service (Amazon SQS) to store user requests as they arrive. Change the internal services to retrieve the requests from the queue for processing.

SQS Question 19/36


A company has an application that ingests incoming messages. These messages are then quickly consumed by dozens of other applications and microservices. The number of messages varies drastically and sometimes spikes as high as 100,000 each second. The company wants to decouple the solution and increase scalability.

Which solution meets these requirements?

D. Publish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with one or more Amazon Simple Queue Service (Amazon SQS) subscriptions. All applications then process the messages from the queues.
Q: How large can Amazon SQS message queues be? A single Amazon SQS message queue can contain an unlimited number of messages. However, there is a 120,000 quota for the number of inflight messages for a standard queue and 20,000 for a FIFO queue. Messages are inflight after they have been received from the queue by a consuming component, but have not yet been deleted from the queue. References: Amazon SQS FAQs

SQS Question 20/36


A company is planning a large event where a promotional offer will be introduced. The company's website is hosted on AWS and backed by an Amazon RDS for PostgreSQL DB instance. The website explains the promotion and includes a sign–up page that collects user information and preferences. Management expects large and unpredictable volumes of traffic periodically, which will create many database writes.

A solutions architect needs to build a solution that does not change the underlying data model and ensures that submissions are not dropped before they are committed to the database.

Which solution meets these requirements?

B. Use Amazon SQS to decouple the application and database layers. Configure an AWS Lambda function to write items from the queue into the database.

SQS Question 21/36


A company has a media catalog with metadata for each item in the catalog. Different types of metadata are extracted from the media items by an application running on AWS Lambda.

Metadata is extracted according to a number of rules, with the output stored in an Amazon ElastiCache for Redis cluster. The extraction process is done in batches and takes around 40 minutes to complete. The update process is triggered manually whenever the metadata extraction rules change.

The company wants to reduce the amount of time it takes to extract metadata from its media catalog. To achieve this, a solutions architect has split the single metadata extraction Lambda function into a Lambda function for each type of metadata.

Which additional steps should the solutions architect take to meet the requirements?

C. Create an AWS Step Functions workflow to run the Lambda functions in parallel. Create a Lambda function to retrieve a list of media items and write each item to an Amazon SQS queue. Configure the SQS queue as an input to the Step Functions workflow.

SQS Question 22/36


A company has an automobile sales website that stores its listings in a database on Amazon RDS. When an automobile is sold, the listing needs to be removed from the website and the data must be sent to multiple target systems.

Which design should a solutions architect recommend?

A. Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) queue for the targets to consume.
You can use AWS Lambda to process event notifications from an Amazon Relational Database Service (Amazon RDS) database. Amazon RDS sends notifications to an Amazon Simple Notification Service (Amazon SNS) topic, which you can configure to invoke a Lambda function. Amazon SNS wraps the message from Amazon RDS in its own event document and sends it to your function.
References: AWS Lambda > Developer Guide > Using AWS Lambda with Amazon SNS; AWS Compute Blog > Messaging Fanout Pattern for Serverless Architectures Using Amazon SNS

SQS Question 23/36


A company's operations team has an existing Amazon S3 bucket configured to notify an Amazon SQS queue when new objects are created within the bucket. The development team also wants to receive events when new objects are created. The existing operations team workflow must remain intact.

Which solution would satisfy these requirements?

D. Create an Amazon SNS topic and SQS queue for the bucket updates. Update the bucket to send events to the new topic. Add subscriptions for both queues in the topic.

SQS Question 24/36


A company is working with an external vendor that requires write access to the company's Amazon Simple Queue Service (Amazon SQS) queue. The vendor has its own AWS account.

What should a solutions architect do to implement least privilege access?

D. Create a cross-account role with access to all SQS queues and use the vendor's AWS account in the trust document for the role.

SQS Question 25/36


A company has a service that produces event data. The company wants to use AWS to process the event data as it is received. The data is written in a specific order that must be maintained throughout processing.

The company wants to implement a solution that minimizes operational overhead.

How should a solutions architect accomplish this?

A. Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue to hold messages. Set up an AWS Lambda function to process messages from the queue.

SQS Question 26/36


A company runs an application that uses multiple Amazon EC2 instances to gather data from its users. The data is then processed and transferred to Amazon S3 for long–term storage. A review of the application shows that there were long periods of time when the EC2 instances were not being used. A solutions architect needs to design a solution that optimizes utilization and reduces costs.

Which solution meets these requirements?

D. Redesign the application to use an event-driven design with Amazon Simple Queue Service (Amazon SQS) and AWS Lambda.

SQS Question 27/36


A company wants to build an online marketplace application on AWS as a set of loosely coupled microservices. For this application, when a customer submits a new order, two microservices should handle the event simultaneously. The Email microservice will send a confirmation email and the order processing microservice will start the order delivery process. If a customer cancels an order, the order cancellation and Email microservices should handle the event simultaneously.

A solutions architect wants to use Amazon Simple Queue Service (Amazon SQS) and Amazon Simple Notification Service (Amazon SNS) to design the messaging between the microservices.

How should the solutions architect design the solution?

C. Create an SNS topic and publish order events to it. Create three SQS queues for the Email, OrderProcessing, and OrderCancellation microservices. Subscribe all SQS queues to the SNS topic with message filtering.

SQS Question 28/36


A company is developing a new machine learning model solution in AWS. The models are developed as independent microservices that fetch about 1 GB of model data from Amazon S3 at startup and load the data into memory. Users access the models through an asynchronous API. Users can send a request or a batch of requests and specify where the results should be sent.

The company provides models to hundreds of users. The usage patterns for the models are irregular. Some models could be unused for days or weeks. Other models could receive batches of thousands of requests at a time.

Which solution meets these requirements?

D. The requests from the API are sent to the model's Amazon Simple Queue Service (Amazon SQS) queue. Models are deployed as Amazon Elastic Container Service (Amazon ECS) services reading from the queue. AWS Auto Scaling is enabled on Amazon ECS for both the cluster and copies of the service based on the queue size.

SQS Question 29/36


A company has two applications: a sender application that sends messages with payloads to be processed and a processing application intended to receive messages with payloads. The company wants to implement an AWS service to handle messages between the two applications. The sender application can send about 1,000 messages each hour. The messages may take up to 2 days to be processed. If the messages fail to process, they must be retained so that they do not impact the processing of any remaining messages.

Which solution meets these requirements and is the MOST operationally efficient?

C. Integrate the sender and processor applications with an Amazon Simple Queue Service (Amazon SQS) queue. Configure a dead-letter queue to collect the messages that failed to process.

SQS Question 30/36


A company has an asynchronous web application where Amazon API Gateway triggers AWS Lambda functions to perform write and update operations on an Amazon RDS DB instance. During periods of extreme use, API Gateway and Lambda scale in response to the incoming workload, but service outages occur due to congestion with Amazon RDS.

The company is seeking a cost–effective design to alleviate this congestion. What should a solutions architect recommend?

D. Use Amazon Simple Queue Service (Amazon SQS) to buffer the incoming requests before delivering them to the Lambda functions

SQS Question 31/36


A solutions architect is designing the cloud architecture for a new application being deployed on AWS. The process should run in parallel while adding and removing application nodes as needed based on the number of jobs to be processed. The processor application is stateless. The solutions architect must ensure that the application is loosely coupled and the job items are durably stored.

Which design should the solutions architect use?

C. Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch template that uses the AMI. Create an Auto Scaling group using the launch template. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue.
Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message oriented middleware, and empowers developers to focus on differentiating work. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available. Get started with SQS in minutes using the AWS console, Command Line Interface or SDK of your choice, and three simple commands.

SQS offers two types of message queues. Standard queues offer maximum throughput, best-effort ordering, and at-least-once delivery. SQS FIFO queues are designed to guarantee that messages are processed exactly once, in the exact order that they are sent.

Scaling Based on Amazon SQS

There are some scenarios where you might think about scaling in response to activity in an Amazon SQS queue. For example, suppose that you have a web app that lets users upload images and use them online. In this scenario, each image requires resizing and encoding before it can be published. The app runs on EC2 instances in an Auto Scaling group, and it's configured to handle your typical upload rates. Unhealthy instances are terminated and replaced to maintain current instance levels at all times. The app places the raw bitmap data of the images in an SQS queue for processing. It processes the images and then publishes the processed images where they can be viewed by users. The architecture for this scenario works well if the number of image uploads doesn't vary over time. But if the number of uploads changes over time, you might consider using dynamic scaling to scale the capacity of your Auto Scaling group.

In this case we need to find a durable and loosely coupled solution for storing jobs. Amazon SQS is ideal for this use case and can be configured to use dynamic scaling based on the number of jobs waiting in the queue. To configure this scaling you can use the backlog per instance metric with the target value being the acceptable backlog per instance to maintain. You can calculate these numbers as follows:

Backlog per instance: To calculate your backlog per instance, start with the ApproximateNumberOfMessages queue attribute to determine the length of the SQS queue (number of messages available for retrieval from the queue). Divide that number by the fleet's running capacity, which for an Auto Scaling group is the number of instances in the InService state, to get the backlog per instance.

Acceptable backlog per instance: To calculate your target value, first determine what your application can accept in terms of latency. Then, take the acceptable latency value and divide it by the average time that an EC2 instance takes to process a message.

This solution will scale EC2 instances using Auto Scaling based on the number of jobs waiting in the SQS queue.

CORRECT: "Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon EC2 Auto Scaling group for the compute application. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue" is the correct answer.

INCORRECT: "Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon EC2 Auto Scaling group for the compute application. Set the scaling policy for the Auto Scaling group to add and remove nodes based on network usage" is incorrect as scaling on network usage does not relate to the number of jobs waiting to be processed.

INCORRECT: "Create an Amazon SNS topic to send the jobs that need to be processed. Create an Amazon EC2 Auto Scaling group for the compute application. Set the scaling policy for the Auto Scaling group to add and remove nodes based on CPU usage" is incorrect. Amazon SNS is a notification service so it delivers notifications to subscribers. It does store data durably but is less suitable than SQS for this use case. Scaling on CPU usage is not the best solution as it does not relate to the number of jobs waiting to be processed.

INCORRECT: "Create an Amazon SNS topic to send the jobs that need to be processed. Create an Amazon EC2 Auto Scaling group for the compute application. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of messages published to the SNS topic" is incorrect. Amazon SNS is a notification service so it delivers notifications to subscribers. It does store data durably but is less suitable than SQS for this use case. Scaling on the number of notifications in SNS is not possible.

References: Amazon EC2 Auto Scaling > User Guide > Scaling based on Amazon SQS

SQS Question 32/36


A company is developing a video conversion application hosted on AWS. The application will be available in two tiers: a free tier and a paid tier. Users in the paid tier will have their videos converted first and then the free tier users will have their videos converted.

Which solution meets these requirements and is MOST cost–effective?

D. Two standard Amazon Simple Queue Service (Amazon SQS) queues with one for the paid tier and one for the free tier.
In AWS, the queue service is the Simple Queue Service (SQS). You can prepare multiple SQS queues, one for each priority level (a priority queue and a secondary queue). You can also use the message Delayed Send function to delay process execution.

SQS Question 33/36


A company is running an application on AWS to process weather sensor data that is stored in an Amazon S3 bucket.

Three batch jobs run hourly to process the data in the S3 bucket for different purposes.

The company wants to reduce the overall processing time by running the three applications in parallel using an event–based approach.

What should a solutions architect do to meet these requirements?

C. Enable S3 Event Notifications for new objects to separate Amazon Simple Queue Service (Amazon SQS) FIFO queues. Create an additional SQS queue for each application and subscribe each queue to the initial topic for processing

SQS Question 34/36


A company is developing a new machine learning model solution in AWS. The models are developed as independent microservices that fetch about 1 GB of model data from Amazon S3 at startup and load the data into memory. Users access the models through an asynchronous API. Users can send a request or a batch of requests and specify where the result should be sent.

The company provides models to hundreds of users. The usage patterns for the models are irregular. Some models could be unused for days or weeks. Other models could receive batches of thousands of requests at a time.

Which solution meets these requirements?

D. The requests from the API are sent to the model's Amazon Simple Queue Service (Amazon SQS) queue. Models are deployed as Amazon Elastic Container Service (Amazon ECS) services reading from the queue. AWS Auto Scaling is enabled on ECS for both the cluster and copies of the service based on the queue size.

SQS Question 35/36


A company receives data from different sources and implements multiple applications to consume this data.

There are many short–running jobs that run only on the weekend. The data arrives in batches rather than throughout the entire weekend.

The company needs an environment on AWS to ingest and process this data while maintaining the order of the transactions.

Which combination of AWS services meets these requirements in the MOST cost–effective manner?

C. Amazon Simple Queue Service (Amazon SQS) with AWS Lambda

SQS Question 36/36


An online photo application lets users upload photos and perform image editing operations. The application offers two classes of service: free and paid. Photos submitted by paid users are processed before those submitted by free users. Photos are uploaded to Amazon S3 and the job information is sent to Amazon SQS.

Which configuration should a solutions architect recommend?

A. Use one SQS FIFO queue. Assign a higher priority to the paid photos so they are processed first.

EFS

- 30 Questions

EFS Question 1/30


A company has a build server that is in an Auto Scaling group and often has multiple Linux instances running.

The build server requires consistent shared NFS storage for jobs and configurations.

Which storage option should a solutions architect recommend?

D. Amazon Elastic File System (Amazon EFS)

EFS Question 2/30


A solutions architect needs to design a network that will allow multiple Amazon EC2 instances to access a common data source used for mission–critical data that can be accessed by all the EC2 instances simultaneously. The solution must be highly scalable, easy to implement and support the NFS protocol.

Which solution meets these requirements?

A. Create an Amazon EFS file system. Configure a mount target in each Availability Zone. Attach each instance to the appropriate mount target.

EFS Question 3/30


A company's web application is using multiple Linux Amazon EC2 instances and storing data on Amazon EBS volumes. The company is looking for a solution to increase the resiliency of the application in case of a failure and to provide storage that complies with atomicity, consistency, isolation, and durability (ACID).

What should a solutions architect do to meet these requirements?

C. Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Store data on Amazon EFS and mount a target on each instance.
How Amazon EFS Works with Amazon EC2

The following illustration shows an example VPC accessing an Amazon EFS file system. Here, EC2 instances in the VPC have file systems mounted. In this illustration, the VPC has three Availability Zones, and each has one mount target created in it. We recommend that you access the file system from a mount target within the same Availability Zone. One of the Availability Zones has two subnets. However, a mount target is created in only one of the subnets.

Benefits of Auto Scaling

Better fault tolerance. Amazon EC2 Auto Scaling can detect when an instance is unhealthy, terminate it, and launch an instance to replace it. You can also configure Amazon EC2 Auto Scaling to use multiple Availability Zones. If one Availability Zone becomes unavailable, Amazon EC2 Auto Scaling can launch instances in another one to compensate.

Better availability. Amazon EC2 Auto Scaling helps ensure that your application always has the right amount of capacity to handle the current traffic demand.

Better cost management. Amazon EC2 Auto Scaling can dynamically increase and decrease capacity as needed. Because you pay for the EC2 instances you use, you save money by launching instances when they are needed and terminating them when they aren't.

To increase the resiliency of the application the solutions architect can use Auto Scaling groups to launch and terminate instances across multiple availability zones based on demand. An application load balancer (ALB) can be used to direct traffic to the web application running on the EC2 instances. Lastly, the Amazon Elastic File System (EFS) can assist with increasing the resilience of the application by providing a shared file system that can be mounted by multiple EC2 instances from multiple availability zones.

CORRECT: "Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Store data on Amazon EFS and mount a target on each instance" is the correct answer.

INCORRECT: "Launch the application on EC2 instances in each Availability Zone. Attach EBS volumes to each EC2 instance" is incorrect as the EBS volumes are single points of failure which are not shared with other instances.

INCORRECT: "Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Mount an instance store on each EC2 instance" is incorrect as instance stores are ephemeral data stores which means data is lost when powered down. Also, instance stores cannot be shared between instances.

INCORRECT: "Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Store data using Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)" is incorrect as there are data retrieval charges associated with this S3 tier. It is not a suitable storage tier for application files.

References: Amazon Elastic File System Documentation

EFS Question 4/30


A company has a build server that is in an Auto Scaling group and often has multiple Linux instances running. The build server requires consistent and mountable shared NFS storage for jobs and configurations.

Which storage option should a solutions architect recommend?

D. Amazon Elastic File System (Amazon EFS)

EFS Question 5/30


An application running on an Amazon EC2 instance needs to securely access files on an Amazon Elastic File System (Amazon EFS) file system. The EFS files are stored using encryption at rest.

Which solution for accessing the files is MOST secure?

C. Enable AWS Key Management Service (AWS KMS) when mounting Amazon EFS.

EFS Question 6/30


A media company is using two video conversion tools that run on Amazon EC2 instances. One tool runs on Windows instances, and the other tool runs on Linux instances. Each video file is large in size and must be processed by both tools.

The company needs a storage solution that can provide a centralized file system that can be mounted on all the EC2 instances that are used in this process.

Which solution meets these requirements?

C. Use Amazon Elastic File System (Amazon EFS) with General Purpose performance mode for the Windows instances and the Linux instances

EFS Question 7/30


A solutions architect is designing a shared storage solution for an Auto Scaling web application. The company anticipates making frequent changes to the content, so the solution must have strong consistency.

Which solution requires the LEAST amount of effort?

B. Create an Amazon Elastic File System (Amazon EFS) file system and mount it on the individual Amazon EC2 instances.

EFS Question 8/30


A company runs multiple Amazon EC2 Linux instances in a VPC with applications that use a hierarchical directory structure. The applications need to rapidly and concurrently read and write to shared storage.

How can this be achieved?

A. Create an Amazon EFS file system and mount it from each EC2 instance.

EFS Question 9/30


A solutions architect is designing the cloud architecture for a new application being deployed to AWS. The application allows users to interactively download and upload files. Files older than 2 years will be accessed less frequently. The solutions architect needs to ensure that the application can scale to any number of files while maintaining high availability and durability.

Which scalable solutions should the solutions architect recommend? (Choose two.)

A. Store the files on Amazon S3 with a lifecycle policy that moves objects older than 2 years to S3 Glacier.
C. Store the files on Amazon Elastic File System (Amazon EFS) with a lifecycle policy that moves objects older than 2 years to EFS Infrequent Access (EFS IA).

EFS Question 10/30


A solutions architect is designing a solution that involves orchestrating a series of Amazon Elastic Container Service (Amazon ECS) task types running on Amazon EC2 instances that are part of an ECS cluster. The output and state data for all tasks needs to be stored. The amount of data output by each task is approximately 10 MB, and there could be hundreds of tasks running at a time. The system should be optimized for high–frequency reading and writing. As old outputs are archived and deleted, the storage size is not expected to exceed 1 TB.

Which storage solution should the solutions architect recommend?

C. An Amazon Elastic File System (Amazon EFS) file system with Bursting Throughput mode.

EFS Question 11/30


A company is running a media store across multiple Amazon EC2 instances distributed across multiple Availability Zones in a single VPC.

The company wants a high–performing solution to share data between all the EC2 instances, and prefers to keep the data within the VPC only.

What should a solutions architect recommend?

D. Configure an Amazon Elastic File System (Amazon EFS) file system and mount it across all instances.

EFS Question 12/30


A solutions architect needs to host a high performance computing (HPC) workload in the AWS Cloud.

The workload will run on hundreds of Amazon EC2 instances and will require parallel access to a shared file system to enable distributed processing of large datasets. Datasets will be accessed across multiple instances simultaneously.

The workload requires access latency within 1 ms.

After processing has completed, engineers will need access to the dataset for manual postprocessing.

Which solution will meet these requirements?

A. Use Amazon Elastic File System (Amazon EFS) as a shared file system. Access the dataset from Amazon EFS.

EFS Question 13/30


A company uses on–premises servers to host its applications. The company is running out of storage capacity. The applications use both block storage and NFS storage. The company needs a high–performing solution that supports local caching without re–architecting its existing applications.

Which combination of actions should a solutions architect take to meet these requirements? (Choose two.)

D. Deploy an AWS Storage Gateway volume gateway to replace the block storage.
E. Deploy Amazon Elastic File System (Amazon EFS) volumes and mount them to on-premises servers.

EFS Question 14/30


A solutions architect is designing a shared storage solution for a web application that is deployed across multiple Availability Zones.

The web application runs on Amazon EC2 instances in an Auto Scaling group.

The company anticipates making frequent changes to the content, so the solution must have strong consistency.

Which solution meets these requirements?

B. Create an Amazon Elastic File System (Amazon EFS) file system and mount it on the individual EC2 instances.

EFS Question 15/30


A company is planning to migrate a legacy application to AWS. The application currently uses NFS to communicate to an on–premises storage solution to store application data. The application cannot be modified to use any other communication protocols other than NFS for this purpose.

Which storage solution should a solutions architect recommend for use after the migration?

C. Amazon Elastic File System (Amazon EFS)
References: Amazon Elastic File System

EFS Question 16/30


A solutions architect needs to design a resilient solution for Windows users' home directories. The solution must provide fault tolerance, file–level backup and recovery, and access control, based upon the company's Active Directory.

Which storage solution meets these requirements?

C. Configure Amazon Elastic File System (Amazon EFS) for the users' home directories. Configure AWS Single Sign-On with Active Directory.

EFS Question 17/30


A company seeks a storage solution for its application. The solution must be highly available and scalable.

The solution also must function as a file system, be mountable by multiple Linux instances in AWS and on–premises through native protocols, and have no minimum size requirements.


C. Amazon Elastic File System (Amazon EFS) with multiple mount targets

EFS Question 18/30


A company wants to move its on–premises network-attached storage (NAS) to AWS. The company wants to make the data available to any Linux instances within its VPC and ensure changes are automatically synchronized across all instances accessing the data store. The majority of the data is accessed very rarely, and some files are accessed by multiple users at the same time.

Which solution meets these requirements and is MOST cost–effective?

C. Create an Amazon Elastic File System (Amazon EFS) file system within the VP

EFS Question 19/30


A company is hosting a web application on AWS using a single Amazon EC2 instance that stores user uploaded documents in an Amazon EBS volume. For better scalability and availability, the company duplicated the architecture and created a second EC2 instance and EBS volume in another Availability Zone, placing both behind an Application Load Balancer. After completing this change, users reported that each time they refreshed the website, they could see one subset of their documents or the other, but never all of the documents at the same time.

What should a solutions architect propose to ensure users see all of their documents at once?

C. Copy the data from both EBS volumes to Amazon EFS. Modify the application to save new documents to Amazon EFS.
Amazon EFS provides file storage in the AWS Cloud. With Amazon EFS, you can create a file system, mount the file system on an Amazon EC2 instance, and then read and write data to and from your file system. You can mount an Amazon EFS file system in your VPC, through the Network File System versions 4.0 and 4.1 (NFSv4) protocol. We recommend using a current generation Linux NFSv4.1 client, such as those found in the latest Amazon Linux, Redhat, and Ubuntu AMIs, in conjunction with the Amazon EFS Mount Helper. For instructions, see Using the amazon-efs-utils Tools. For a list of Amazon EC2 Linux Amazon Machine Images (AMIs) that support this protocol, see NFS Support. For some AMIs, you'll need to install an NFS client to mount your file system on your Amazon EC2 instance. For instructions, see Installing the NFS Client. You can access your Amazon EFS file system concurrently from multiple NFS clients, so applications that scale beyond a single connection can access a file system. Amazon EC2 instances running in multiple Availability Zones within the same AWS Region can access the file system, so that many users can access and share a common data source. How Amazon EFS Works with Amazon EC2

EFS Question 20/30


A company is migrating a Linux–based web server group to AWS. The web servers must access files in a shared file store for some content. To meet the migration date, minimal changes can be made.

What should a solutions architect do to meet these requirements?

C. Create an Amazon Elastic File System (Amazon EFS) volume and mount it on all web servers.

EFS Question 21/30


A company wants to move its on–premises network-attached storage (NAS) to AWS. The company wants to make the data available to any Linux instances within its VPC and ensure changes are automatically synchronized across all instances accessing the data store. The majority of the data is accessed very rarely, and some files are accessed by multiple users at the same time.

Which solution meets these requirements and is MOST cost–effective?

D. Create an Amazon Elastic File System (Amazon EFS) file system within the VPC. Set the lifecycle policy to transition the data to EFS Infrequent Access (EFS IA) after the appropriate number of days.

EFS Question 22/30


A solutions architect needs to design a resilient solution for Windows users' home directories. The solution must provide fault tolerance, file–level backup and recovery, and access control, based upon the company's Active Directory.

Which storage solution meets these requirements?


C. Configure Amazon Elastic File System (Amazon EFS) for the users' home directories. Configure AWS Single Sign-On with Active Directory.

EFS Question 23/30


A company has an application that uses Amazon Elastic File System (Amazon EFS) to store data. The files are 1 GB in size or larger and are accessed often only for the first few days after creation. The application data is shared across a cluster of Linux servers. The company wants to reduce storage costs for the application.

What should a solutions architect do to meet these requirements?

C. Configure a Lifecycle policy to move the files to the EFS Infrequent Access (IA) storage class after 7 days.

EFS Question 24/30


A company is planning to migrate a legacy application to AWS. The application currently uses NFS to communicate with an on–premises storage solution to store application data. The application cannot be modified to use any communication protocol other than NFS for this purpose.

Which storage solution should a solutions architect recommend for use after the migration?


C. Amazon Elastic File System (Amazon EFS)

EFS Question 25/30


A solutions architect is investigating AWS file storage solutions that can be used with a company's on–premises Linux servers and applications. The company has an existing VPN connection set up between the company's VPC and its on–premises network.

Which AWS services should the solutions architect use? (Select TWO)


A. AWS Backup
E. Amazon Elastic File System (Amazon EFS)

EFS Question 26/30


A product team is creating a new application that will store a large amount of data. The data will be analyzed hourly and modified by multiple Amazon EC2 Linux instances. The application team believes the amount of space needed will continue to grow for the next 6 months.

Which set of actions should a solutions architect take to support these needs?


B. Store the data in an Amazon EFS file system. Mount the file system on the application instances.
Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth. "The data will be analyzed hourly and modified by multiple Amazon EC2 Linux instances." Amazon EFS is designed to provide massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS with consistent low latencies. Amazon EFS is well suited to support a broad spectrum of use cases from home directories to business-critical applications. Customers can use EFS to lift-and-shift existing enterprise applications to the AWS Cloud. Other use cases include big data analytics, web serving and content management, application development and testing, media and entertainment workflows, database backups, and container storage. Amazon EFS is a regional service storing data within and across multiple Availability Zones (AZs) for high availability and durability. Amazon EC2 instances can access your file system across AZs, regions, and VPCs, while on-premises servers can access using AWS Direct Connect or AWS VPN.

EFS Question 27/30


A solutions architect is designing an elastic application that will have between 10 and 50 concurrent Amazon EC2 instances running, depending on the load.

Each instance must mount storage that will read and write to the same 50 GB folder.

Which storage type meets the requirements?


B. Amazon Elastic File System (Amazon EFS)

EFS Question 28/30


A solutions architect is designing a solution that involves orchestrating a series of Amazon Elastic Container Service (Amazon ECS) task types running on Amazon EC2 instances that are part of an ECS cluster. The output and state data for all tasks needs to be stored.

The amount of data output by each task is approximately 10MB, and there could be hundreds of tasks running at a time. The system should be optimized for high–frequency reading and writing. As old outputs are archived and deleted, the storage size is not expected to exceed 1TB.

Which storage solution should the solutions architect recommend?


C. An Amazon Elastic File System (Amazon EFS) file system with Bursting Throughput mode.

EFS Question 29/30


A company has two applications it wants to migrate to AWS. Both applications process a large set of files by accessing the same files at the same time. Both applications need to read the files with low latency.

Which architecture should a solutions architect recommend for this situation?


D. Configure two Amazon EC2 instances to run both applications. Configure Amazon Elastic File System (Amazon EFS) with General Purpose performance mode and Bursting Throughput mode to store the data.

EFS Question 30/30


A solutions architect needs to design a network that will allow multiple Amazon EC2 instances to access a common data source used for mission–critical data that can be accessed by all the EC2 instances simultaneously. The solution must be highly scalable, easy to implement, and support the NFS protocol.

Which solution meets these requirements?


A. Create an Amazon EFS file system. Configure a mount target in each Availability Zone. Attach each instance to the appropriate mount target.

EBS

- 22 Questions

EBS Question 1/22


A company is deploying a public–facing global application on AWS using Amazon CloudFront. The application communicates with an external system. A solutions architect needs to ensure the data is secured during end–to–end transit and at rest.

Which combination of steps will satisfy these requirements? (Select TWO)


C. Provision Amazon EBS encrypted volumes using AWS KMS and ensure explicit encryption of data when writing to Amazon EBS.
D. Use SSL or encrypt data while communicating with the external system using a VPN.

EBS Question 2/22


A media company is evaluating the possibility of moving its systems to the AWS Cloud. The company needs at least 10 TB of storage with the maximum possible I/O performance for video processing, 300 TB of very durable storage for storing media content, and 900 TB of storage to meet requirements for archival media that is not in use anymore.

Which set of services should a solutions architect recommend to meet these requirements?


A. Amazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

EBS Question 3/22


A company finds that, as its use of Amazon EC2 instances grows, its Amazon Elastic Block Store (Amazon EBS) storage costs are increasing faster than expected.

Which EBS management practices would help reduce costs? (Select TWO.)

B. Monitor and enforce that the Delete on termination attribute is set to true for all EBS volumes, unless persistence requirements dictate otherwise.
D. For EBS volumes needed for retention purposes that are not being actively used, take a snapshot and terminate the instance and volume.

EBS Question 4/22


A solutions architect needs to ensure that all Amazon Elastic Block Store (Amazon EBS) volumes restored from unencrypted EBS snapshots are encrypted.

What should the solutions architect do to accomplish this?


A. Enable EBS encryption by default for the AWS Region.
The question asks how to ensure that all restored volumes are encrypted, so the answer has to be "Enable encryption by default".

EBS Question 5/22


A company is building a web application that serves a content management system.

The content management system runs on Amazon EC2 instances behind an Application Load Balancer (ALB).

The EC2 instances run in an Auto Scaling group across Availability Zones.

Users are constantly adding and updating files, blogs, and other website assets in the content management system.

Which solution meets these requirements?

C. Copy the website assets to an Amazon S3 bucket. Ensure that each EC2 instance downloads the website assets from the S3 bucket to the attached Amazon Elastic Block Store (Amazon EBS) volume. Run the S3 sync command once each hour to keep files up to date.

EBS Question 6/22


A company stops a cluster of Amazon EC2 instances over a weekend. The costs decrease, but they do not drop to zero.

Which resources could still be generating costs? (Select TWO.)


A. Elastic IP addresses
D. Amazon Elastic Block Store (Amazon EBS) volumes

EBS Question 7/22


A company is hosting a web application on AWS using a single Amazon EC2 instance that stores user uploaded documents in an Amazon EBS volume. For better scalability and availability, the company duplicated the architecture and created a second EC2 instance and EBS volume in another Availability Zone, placing both behind an Application Load Balancer. After completing this change, users reported that each time they refreshed the website, they could see one subset of their documents or the other, but never all of the documents at the same time.

What should a solutions architect propose to ensure users see all of their documents at once?


C. Copy the data from both EBS volumes to Amazon EFS. Modify the application to save new documents to Amazon EFS.
Amazon EFS provides file storage in the AWS Cloud. With Amazon EFS, you can create a file system, mount the file system on an Amazon EC2 instance, and then read and write data to and from your file system. You can mount an Amazon EFS file system in your VPC, through the Network File System versions 4.0 and 4.1 (NFSv4) protocol. We recommend using a current generation Linux NFSv4.1 client, such as those found in the latest Amazon Linux, Redhat, and Ubuntu AMIs, in conjunction with the Amazon EFS Mount Helper. For instructions, see Using the amazon-efs-utils Tools. For a list of Amazon EC2 Linux Amazon Machine Images (AMIs) that support this protocol, see NFS Support. For some AMIs, you'll need to install an NFS client to mount your file system on your Amazon EC2 instance. For instructions, see Installing the NFS Client. You can access your Amazon EFS file system concurrently from multiple NFS clients, so applications that scale beyond a single connection can access a file system. Amazon EC2 instances running in multiple Availability Zones within the same AWS Region can access the file system, so that many users can access and share a common data source. How Amazon EFS Works with Amazon EC2

EBS Question 8/22


A solutions architect must design a solution for a persistent database that is being migrated from on–premises to AWS. The database requires 64,000 IOPS according to the database administrator. If possible, the database administrator wants to use a single Amazon Elastic Block Store (Amazon EBS) volume to host the database instance.

Which solution effectively meets the database administrator's criteria?

B. Create a Nitro-based Amazon EC2 instance with an Amazon EBS Provisioned IOPS SSD (io1) volume attached. Configure the volume to have 64,000 IOPS.

EBS Question 9/22


A solutions architect is deploying a distributed database on multiple Amazon EC2 instances. The database stores all data on multiple instances so it can withstand the loss of an instance. The database requires block storage with latency and throughput to support several million transactions per second per server.

Which storage solution should the solutions architect use?

RefreshNextRandom

A. Amazon EBS
Amazon Elastic Block Store (EBS) is an easy to use, high performance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction intensive workloads at any scale. A broad range of workloads, such as relational and non-relational databases, enterprise applications, containerized applications, big data analytics engines, file systems, and media workflows are widely deployed on Amazon EBS. References: https://quizform.net/exam/24/learning/14 Amazon Elastic Compute Cloud > User Guide for Linux Instances > Amazon EC2 instance store

EBS Question 10/22


A company wants to run a static website served through Amazon CloudFront.

What is an advantage of storing the website content in an Amazon S3 bucket instead of an Amazon Elastic Block Store (Amazon EBS) volume?

RefreshNextRandom

B. S3 is an origin for CloudFront. EBS volumes would need EC2 instances behind an Elastic Load Balancing load balancer to be an origin

EBS Question 11/22


A company wants a storage option that enables its data science team to analyze its data on–premises and in the AWS Cloud. The team needs to be able to run statistical analyses by using the data on–premises and by using a fleet of Amazon EC2 instances across multiple Availability Zones.

What should a solutions architect do to meet these requirements?

RefreshNextRandom

C. Use an AWS Storage Gateway file gateway to copy the on-premises files to Amazon Elastic Block Store (Amazon EBS).

EBS Question 12/22


You are trying to launch an EC2 instance, however the instance seems to go into a terminated status immediately. What would probably not be a reason that this is happening?


C. You need to create storage in EBS first.
Amazon EC2 provides virtual computing environments, known as instances. After you launch an instance, AWS recommends that you check its status to confirm that it goes from the pending status to the running status, not the terminated status. The following are a few reasons why an Amazon EBS-backed instance might immediately terminate: You've reached your volume limit. The AMI is missing a required part. The snapshot is corrupt. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Instance terminates immediately

EBS Question 13/22


A company is deploying a production portal application on AWS. The database tier has structured data.

The company requires a solution that is easily manageable and highly available.

How can these requirements be met?

RefreshNextRandom

A. Deploy the database on multiple Amazon EC2 instances backed by Amazon Elastic Block Store (Amazon EBS) across multiple Availability Zones.

EBS Question 14/22


A media company is evaluating the possibility of moving its systems to the AWS Cloud. The company needs at least 10 TB of storage with the maximum possible I/O performance for video processing, 300 TB of very durable storage for storing media content, and 900 TB of storage to meet requirements for archival media that is not in use anymore.

Which set of services should a solutions architect recommend to meet these requirements?


A. Amazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

EBS Question 15/22


A financial company operates its production AWS environment in the us–east–1 Region and uses Amazon Elastic Block Store (Amazon EBS) snapshots to back up its instances.

To meet a compliance requirement, the company must maintain a secondary copy of all critical data at least 100 miles (160.9 km) away from its primary location.

What is the MOST cost–effective way for the company to meet this requirement?


C. Replicate the EBS snapshots to us-west-1.

EBS Question 16/22


A company is running a highly sensitive application on Amazon EC2 backed by an Amazon RDS database.

Compliance regulations mandate that all personally identifiable information (PII) be encrypted at rest.

Which solution should a solutions architect recommend to meet this requirement with the LEAST amount of changes to the infrastructure?


D. Configure Amazon Elastic Block Store (Amazon EBS) encryption and Amazon RDS encryption with AWS Key Management Service (AWS KMS) keys to encrypt instance and database volumes.

EBS Question 17/22


A company is building a document storage application on AWS. The application runs on Amazon EC2 instances in multiple Availability Zones. The company requires the document store to be highly available.

The documents need to be returned immediately when requested. The lead engineer has configured the application to use Amazon Elastic Block Store (Amazon EBS) to store the documents, but is willing to consider other options to meet the availability requirement.

What should a solutions architect recommend?


B. Use Amazon EBS for the EC2 instance root volumes. Configure the application to build the document store on Amazon S3.

EBS Question 18/22


A company runs an application on three very large Amazon EC2 instances in a single Availability Zone in the us–east–1 Region. Multiple 16 TB Amazon Elastic Block Store (Amazon EBS) volumes are attached to each EC2 instance.

The operations team uses an AWS Lambda script triggered by a schedule–based Amazon EventBridge (Amazon CloudWatch Events) rule to stop the instances on evenings and weekends, and start the instances on weekday mornings.

Before deploying the solution, the company used the public AWS pricing documentation to estimate the overall costs of running this data warehouse solution 5 days a week for 10 hours a day.

When looking at monthly Cost Explorer charges for this new account, the overall charges are higher than the estimate.

What is the MOST likely cost factor that the company overlooked?


D. The company is being billed for the EBS storage on nights and weekends

EBS Question 19/22


Cost Explorer is showing charges higher than expected for Amazon Elastic Block Store (Amazon EBS) volumes connected to application servers in a production account.

A significant portion of the charges from Amazon EBS are from volumes that were created as Provisioned IOPS SSD (io1) volume types. Controlling costs is the highest priority for this application.

Which steps should the user take to analyze and reduce the EBS costs without incurring any application downtime? (Select TWO)

A. Use the Amazon EC2 ModifyInstanceAttribute action to enable EBS optimization on the application server instances
D. Use the Amazon EC2 ModifyVolume action to change the volume type of the underutilized io1 volumes to General Purpose SSD (gp2)

EBS Question 20/22


A company hosts an application on an Amazon EC2 instance that requires a maximum of 200 GB storage space. The application is used infrequently, with peaks during mornings and evenings. Disk I/O varies, but peaks at 3,000 IOPS. The chief financial officer of the company is concerned about costs and has asked a solutions architect to recommend the most cost–effective storage option that does not sacrifice performance.

Which solution should the solutions architect recommend?

RefreshNextRandom

B. Amazon EBS General Purpose SSD (gp2)
General Purpose SSD (gp2) volumes offer cost-effective storage that is ideal for a broad range of workloads. These volumes deliver single-digit millisecond latencies and the ability to burst to 3,000 IOPS for extended periods of time. Between a minimum of 100 IOPS (at 33.33 GiB and below) and a maximum of 16,000 IOPS (at 5,334 GiB and above), baseline performance scales linearly at 3 IOPS per GiB of volume size. AWS designs gp2 volumes to deliver their provisioned performance 99% of the time. A gp2 volume can range in size from 1 GiB to 16 TiB. In this case the volume would have a baseline performance of 3 x 200 = 600 IOPS. The volume could also burst to 3,000 IOPS for extended periods. As the I/O varies, this should be suitable. CORRECT: "Amazon EBS General Purpose SSD (gp2)" is the correct answer. INCORRECT: "Amazon EBS Provisioned IOPS SSD (io1) " is incorrect as this would be a more expensive option and is not required for the performance characteristics of this workload. INCORRECT: "Amazon EBS Cold HDD (sc1)" is incorrect as there is no IOPS SLA for HDD volumes and they would likely not perform well enough for this workload. INCORRECT: "Amazon EBS Throughput Optimized HDD (st1)" is incorrect as there is no IOPS SLA for HDD volumes and they would likely not perform well enough for this workload. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Amazon EBS volume types

EBS Question 21/22


A company has many applications on Amazon EC2 instances running in Auto Scaling groups. Company policy requires that the data on the attached Amazon Elastic Block Store (Amazon EBS) volumes be retained.

Which action will meet these requirements without impacting performance?

RefreshNextRandom

B. Disable the DeleteOnTermination attribute for the Amazon EBS volumes.

EBS Question 22/22


A company runs a legacy application with a single–tier architecture on an Amazon EC2 instance. Disk I/O is low, with occasional small spikes during business hours. The company requires the instance to be stopped from 8 PM to 8 AM daily.

Which storage option is MOST appropriate for this workload?

RefreshNextRandom

B. Amazon EBS General Purpose SSD (gp2) storage
EBS Home

IAM

- 22 Questions

IAM Question 1/22


A marketing company is storing CSV files in an Amazon S3 bucket for statistical analysis. An application on an Amazon EC2 instance needs permission to efficiently process the CSV data stored in the S3 bucket.

Which action will MOST securely grant the EC2 instance access to the S3 bucket?

RefreshNextRandom

C. Associate an IAM role with least privilege permissions to the EC2 instance profile.
Keyword: Privilege Permission + IAM Role

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services by your users.

IAM roles for Amazon EC2

Applications must sign their API requests with AWS credentials. Therefore, if you are an application developer, you need a strategy for managing credentials for your applications that run on EC2 instances. For example, you can securely distribute your AWS credentials to the instances, enabling the applications on those instances to use your credentials to sign requests, while protecting your credentials from other users. However, it's challenging to securely distribute credentials to each instance, especially those that AWS creates on your behalf, such as Spot Instances or instances in Auto Scaling groups. You must also be able to update the credentials on each instance when you rotate your AWS credentials.

We designed IAM roles so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use. Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles as follows:

- Create an IAM role.
- Define which accounts or AWS services can assume the role.
- Define which API actions and resources the application can use after assuming the role.
- Specify the role when you launch your instance, or attach the role to an existing instance.
- Have the application retrieve a set of temporary credentials and use them.

For example, you can use IAM roles to grant permissions to applications running on your instances that need to use a bucket in Amazon S3. You can specify permissions for IAM roles by creating a policy in JSON format. These are similar to the policies that you create for IAM users. If you change a role, the change is propagated to all instances. When creating IAM roles, associate least privilege IAM policies that restrict access to the specific API calls the application requires.

References: AWS Identity and Access Management (IAM) FAQs; Amazon Elastic Compute Cloud > User Guide for Linux Instances > IAM roles for Amazon EC2

IAM Question 2/22


A company has established a new AWS account. The account is newly provisioned and no changes have been made to the default settings. The company is concerned about the security of the AWS account root user.

What should be done to secure the root user?


B. Create IAM users for daily administrative tasks. Enable multi-factor authentication on the root user.

IAM Question 3/22


A solutions architect is using an AWS CloudFormation template to deploy a three–tier web application. The web application consists of a web tier and an application tier that stores and retrieves user data in Amazon DynamoDB tables. The web and application tiers are hosted on Amazon EC2 instances, and the database tier is not publicly accessible. The application EC2 instances need to access the DynamoDB tables without exposing API credentials in the template.

What should the solutions architect do to meet these requirements?

B. Create an IAM role that has the required permissions to read and write from the DynamoDB tables. Add the role to the EC2 instance profile and associate the instance profile with the application instances

IAM Question 4/22


A company fails an AWS security review conducted by a third party.

The review finds that some of the company's methods to access the Amazon EMR API are not secure.

Developers are using AWS Cloud9, and access keys are connecting to the Amazon EMR API through the public internet.

Which combination of steps should the company take to MOST improve its security? (Select TWO)

RefreshNextRandom

B. Set up VPC endpoints to connect to the Amazon EMR API
D. Set up IAM roles to be used to connect to the Amazon EMR API

IAM Question 5/22


An application running on an Amazon EC2 instance needs to access an Amazon DynamoDB table. Both the EC2 instance and the DynamoDB table are in the same AWS account. A solutions architect must configure the necessary permissions.

Which solution will allow least privilege access to the DynamoDB table from the EC2 instance?

RefreshNextRandom

A. Create an IAM role with the appropriate policy to allow access to the DynamoDB table. Create an instance profile to assign this IAM role to the EC2 instance.
IAM Home

IAM Question 6/22


A company allows its developers to attach existing IAM policies to existing IAM roles to enable faster experimentation and agility. However, the security operations team is concerned that the developers could attach the existing administrator policy, which would allow the developers to circumvent any other security policies.

How should a solutions architect address this issue?

RefreshNextRandom

D. Set an IAM permissions boundary on the developer IAM role that explicitly denies attaching the administrator policy.
The permissions boundary for an IAM entity (user or role) sets the maximum permissions that the entity can have. This can change the effective permissions for that user or role. The effective permissions for an entity are the permissions that are granted by all the policies that affect the user or role. Within an account, the permissions for an entity can be affected by identity-based policies, resource-based policies, permissions boundaries, Organizations SCPs, or session policies. Therefore, the solutions architect can set an IAM permissions boundary on the developer IAM role that explicitly denies attaching the administrator policy. CORRECT: "Set an IAM permissions boundary on the developer IAM role that explicitly denies attaching the administrator policy" is the correct answer. INCORRECT: "Create an Amazon SNS topic to send an alert every time a developer creates a new policy" is incorrect as this would mean investigating every incident which is not an efficient solution. INCORRECT: "Use service control policies to disable IAM activity across all accounts in the organizational unit" is incorrect as this would prevent the developers from being able to work with IAM completely. INCORRECT: "Prevent the developers from attaching any policies and assign all IAM duties to the security operations team" is incorrect as this is not necessary. The requirement is to allow developers to work with policies, the solution needs to find a secure way of achieving this. References: AWS Identity and Access Management > User Guide > Permissions boundaries for IAM entities

IAM Question 7/22


A company wants to share forensic accounting data that is stored in an Amazon RDS DB instance with an external auditor. The auditor has its own AWS account and requires its own copy of the database.

How should the company securely share the database with the auditor?

RefreshNextRandom

A. Create a read replica of the database and configure IAM standard database authentication to grant the auditor access.
IAM Home

IAM Question 8/22


A solutions architect is designing a new workload in which an AWS Lambda function will access an Amazon DynamoDB table.

What is the MOST secure means of granting the Lambda function access to the DynamoDB table?

A. Create an IAM role with the necessary permissions to access the DynamoDB table. Assign the role to the Lambda function.

IAM Question 9/22


A company has several web servers that need to frequently access a common Amazon RDS MySQL Multi–AZ instance.

The company wants a secure method for the web servers to connect to the database while meeting a security requirement to rotate user credentials frequently.

Which solution meets these requirements?


A. Store the database user credentials in AWS Secrets Manager. Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager

IAM Question 10/22


A new employee has joined a company as a deployment engineer. The deployment engineer will be using AWS CloudFormation templates to create multiple AWS resources. A solutions architect wants the deployment engineer to perform job activities while following the principle of least privilege.

Which combination of actions should the solutions architect take to accomplish this goal? (Choose two.)


A. Have the deployment engineer use AWS account root user credentials for performing AWS CloudFormation stack operations.
E. Create an IAM role for the deployment engineer to explicitly define the permissions specific to the AWS CloudFormation stack and launch stacks using that IAM role.

IAM Question 11/22


A company has two AWS accounts: Production and Development. There are code changes ready in the Development account to push to the Production account. In the alpha phase, only two senior developers on the development team need access to the Production account. In the beta phase, more developers might need access to perform testing as well.

What should a solutions architect recommend?

D. Create an IAM group in the Production account and add it as a principal in the trust policy that specifies the Production account. Add developers to the group.

IAM Question 12/22


An organization has three separate AWS accounts, one each for development, testing, and production. The organization wants the testing team to have access to certain AWS resources in the production account. How can the organization achieve this?

B. Create the IAM roles with cross account access.
An organization has multiple AWS accounts to isolate a development environment from a testing or production environment. At times the users from one account need to access resources in the other account, such as promoting an update from the development environment to the production environment. In this case the IAM role with cross account access will provide a solution. Cross account access lets one account share access to their resources with users in the other AWS accounts. References: AWS Security Best Practices

IAM Question 13/22


An engineering team is developing and deploying AWS Lambda functions. The team needs to create roles and manage policies in AWS IAM to configure the permissions of the Lambda functions.

How should the permissions for the team be configured so they also adhere to the concept of least privilege?

A. Create an IAM role with a managed policy attached. Allow the engineering team and the Lambda functions to assume this role.

IAM Question 14/22


A company has an application workflow that uses an AWS Lambda function to download and decrypt files from Amazon S3.

These files are encrypted using AWS Key Management Service Customer Master Keys (AWS KMS CMKs).

A solutions architect needs to design a solution that will ensure the required permissions are set correctly.

Which combination of actions accomplish this? (Select TWO)

B. Grant the decrypt permission for the Lambda IAM role in the KMS key's policy.
E. Create a new IAM role with the kms decrypt permission and attach the execution role to the Lambda function.

IAM Question 15/22


A company needs a storage solution for an application that runs on a high performance computing (HPC) cluster. The cluster is hosted on AWS Fargate for Amazon Elastic Container Service (Amazon ECS). The company needs a mountable file system that provides concurrent access to files while delivering hundreds of Gbps of throughput at sub–millisecond latencies.

Which solution meets these requirements?

A. Create an Amazon FSx for Lustre file share for the application data. Create an IAM role that allows Fargate to access the FSx for Lustre file share.

IAM Question 16/22


A user wants to list the IAM role that is attached to their Amazon EC2 instance. The user has login access to the EC2 instance but does not have IAM permissions.

What should a solutions architect do to retrieve this information?

A. Run the following EC2 command: curl http://169.254.169.254/latest/meta-data/iam/info
References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > IAM roles for Amazon EC2

IAM Question 17/22


A company has an application workflow that uses an AWS Lambda function to download and decrypt files from Amazon S3. These files are encrypted using AWS Key Management Service Customer Master Keys (AWS KMS CMKs). A solutions architect needs to design a solution that will ensure the required permissions are set correctly.

Which combination of actions accomplish this? (Choose two.)

B. Grant the decrypt permission for the Lambda IAM role in the KMS key's policy.
E. Create a new IAM role with the kms:decrypt permission and attach the execution role to the Lambda function.

IAM Question 18/22


A solutions architect needs to design a managed storage solution for a company's application that includes high–performance machine learning. This application runs on AWS Fargate, and the connected storage needs to have concurrent access to files and deliver high performance.

Which storage option should the solutions architect recommend?

B. Create an Amazon FSx for Lustre file share and establish an IAM role that allows Fargate to communicate with FSx for Lustre.
Keyword: Concurrent Access to files + Deliver High Performance
Amazon FSx: A high-performance file system optimized for fast processing of workloads. Lustre is a popular open-source parallel file system. Also supports concurrent access to the same file or directory from thousands of compute instances.
Amazon IAM with FSx: Amazon FSx is integrated with AWS Identity and Access Management (IAM). This integration means that you can control the actions your AWS IAM users and groups can take to manage your file systems (such as creating and deleting file systems). You can also tag your Amazon FSx resources and control the actions that your IAM users and groups can take based on those.
Fargate Launch Type (so answers C and D are ruled out, as per Neal David):
- Fargate automatically provisions resources
- Fargate provisions and manages compute
- Charged for running tasks
- No EFS and EBS integration
- Fargate handles cluster optimization
- Limited control, infrastructure is automated
References: Amazon Elastic File System

IAM Question 19/22


A company has an application running as a service in Amazon Elastic Container Service (Amazon ECS) using the Amazon EC2 launch type.

The application code makes AWS API calls to publish messages to Amazon Simple Queue Service (Amazon SQS).

What is the MOST secure method of giving the application permission to publish messages to Amazon SQS?

B. Create a new IAM user with SQS permissions. Then update the task definition to declare the access key ID and secret access key as environment variables.

IAM Question 20/22


A company is running a publicly accessible serverless application that uses Amazon API Gateway and AWS Lambda.

The application's traffic recently spiked due to fraudulent requests from botnets.

Which steps should a solutions architect take to block requests from unauthorized users? (Select TWO.)

B. Integrate logic within the Lambda function to ignore the requests from fraudulent addresses.
E. Create an IAM role for each user attempting to access the API. A user will assume the role when making the API call.

IAM Question 21/22


A company runs an application using Amazon ECS. The application creates resized versions of an original image and then makes Amazon S3 API calls to store the resized images in Amazon S3. How can a solutions architect ensure that the application has permission to access Amazon S3?

B. Create an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition.

IAM Question 22/22


A company has enabled AWS CloudTrail logs to deliver log files to an Amazon S3 bucket for each of its developer accounts. The company has created a central AWS account for streamlining management and audit reviews. An internal auditor needs to access the CloudTrail logs, yet access needs to be restricted for all developer account users. The solution must be secure and optimized.

How should a solutions architect meet these requirements?

C. Configure CloudTrail from each developer account to deliver the log files to an S3 bucket in the central account. Create an IAM role in the central account for the auditor. Attach an IAM policy providing read only permissions to the bucket.

security group

- 19 Questions

security group Question 1/19


A company is designing an internet–facing web application. The application runs on Amazon EC2 for Linux–based instances that store sensitive user data in Amazon RDS MySQL Multi–AZ DB instances.

The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web–based attacks.

What should a solutions architect recommend?

D. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Configure the Auto Scaling group to automatically create new DB instances under heavy traffic. Create a security group for the RDS DB instances. Configure the RDS security group to only allow port 3306 inbound.

security group Question 2/19


A company is running an application on Amazon EC2 instances hosted in a private subnet of a VPC.

The EC2 instances are configured in an Auto Scaling group behind an Elastic Load Balancer (ELB).

The EC2 instances use a NAT gateway for outbound internet access.

However, the EC2 instances are not able to connect to the public internet to download software updates.

What are the possible root causes of this issue? (Select TWO.)

B. The route tables in the VPC are configured incorrectly.
E. The outbound rules on the security group attached to the EC2 instances are configured incorrectly.

security group Question 3/19


A solutions architect is moving the static content from a public website hosted on Amazon EC2 instances to an Amazon S3 bucket. An Amazon CloudFront distribution will be used to deliver the static assets. The security group used by the EC2 instances restricts access to a limited set of IP ranges. Access to the static content should be similarly restricted.

Which combination of steps will meet these requirements? (Choose two.)

A. Create an origin access identity (OAI) and associate it with the distribution. Change the permissions in the bucket policy so that only the OAI can read the objects.
B. Create an AWS WAF web ACL that includes the same IP restrictions that exist in the EC2 security group. Associate this new web ACL with the CloudFront distribution.

security group Question 4/19


Which of the following is true of Amazon EC2 security group?

D. You can modify the rules for a security group at any time.
A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group. References: Amazon Elastic Compute Cloud > User Guide for Linux Instances > Amazon EC2 security groups for Linux instances

security group Question 5/19


A solutions architect is designing a two–tier web application. The application consists of a public–facing web tier hosted on Amazon EC2 in public subnets. The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet. Security is a high priority for the company.

How should security groups be configured in this situation? (Choose two.)

A. Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0.
C. Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier.
In this scenario an inbound rule is required to allow traffic from any internet client to the web front end on SSL/TLS port 443. The source should therefore be set to 0.0.0.0/0 to allow any inbound traffic. To secure the connection from the web frontend to the database tier, an outbound rule should be created from the public EC2 security group with a destination of the private EC2 security group. The port should be set to 1433 for MySQL. The private EC2 security group will also need to allow inbound traffic on 1433 from the public EC2 security group. This configuration can be seen in the diagram: CORRECT: "Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0" is a correct answer. CORRECT: "Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier" is also a correct answer. INCORRECT: "Configure the security group for the web tier to allow outbound traffic on port 443 from 0.0.0.0/0" is incorrect as this is configured backwards. INCORRECT: "Configure the security group for the database tier to allow outbound traffic on ports 443 and 1433 to the security group for the web tier" is incorrect as the MySQL database instance does not need to send outbound traffic on either of these ports. INCORRECT: "Configure the security group for the database tier to allow inbound traffic on ports 443 and 1433 from the security group for the web tier" is incorrect as the database tier does not need to allow inbound traffic on port 443. References: Amazon Virtual Private Cloud > User Guide > Security groups for your VPC

security group Question 6/19


A company is designing an internet–facing web application. The application runs on Amazon EC2 for Linux–based instances that store sensitive user data in Amazon RDS MySQL Multi–AZ DB instances. The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web–based attacks.

What should a solutions architect recommend?

C. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Create a security group for the web application servers and a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the web application server security group.

security group Question 7/19



What should a solutions architect do to correct this issue?

B. Create security group rules using the security group ID as the source or destination.

security group Question 8/19


A company operates a two–tier application for image processing. The application uses two Availability Zones, each with one public subnet and one private subnet. An Application Load Balancer (ALB) for the web tier uses the public subnets.

Amazon EC2 instances for the application tier use the private subnets.

Users report that the application is running more slowly than expected. A security audit of the web server log files shows that the application is receiving millions of illegitimate requests from a small number of IP addresses. A solutions architect needs to resolve the immediate performance problem while the company investigates a more permanent solution.

What should the solutions architect recommend to meet this requirement?

A. Modify the inbound security group for the web tier. Add a deny rule for the IP addresses that are consuming resources.

security group Question 9/19



Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)

A. Replace the current security group of the bastion host with one that only allows inbound access from the application instances.
C. Replace the current security group of the bastion host with one that only allows inbound access from the external IP range for the company.

security group Question 10/19


A Solutions Architect is designing the architecture for a web application that will be hosted on AWS. Internet users will access the application using HTTP and HTTPS.

How should the Architect design the traffic control requirements?

C. Allow inbound ports for HTTP and HTTPS in the security group used by the web servers.

security group Question 11/19



The web application is not working as intended. The web application reports that it cannot connect to the database. The database is confirmed to be up and running. All configurations for the network ACLs, security groups, and route tables are still in their default states.

What should a solutions architect recommend to fix the application?

D. Add an inbound rule to the security group of the database tier's RDS instance to allow traffic from the web tier's security group.

security group Question 12/19


A company hosts a popular web application. The web application connects to a database running in a private VPC subnet.

The web servers must be accessible only to customers on an SSL connection.

The Amazon RDS for MySQL database services must be accessible only from the web servers.

How should a solutions architect design a solution to meet the requirements without impacting applications?

B. Open an HTTPS port on the security group for web server and set the source to 0.0.0.0/0. Open the MySQL port on the database security group and attach it to the MySQL instance. Set the source to web server security group.

security group Question 13/19



What should a solutions architect do to correct this issue?

B. Create security group rules using the security group ID as the source or destination.

security group Question 14/19


A solutions architect is creating a new VPC design. There are two public subnets for the load balancer, two private subnets for web servers, and two private subnets for MySQL. The web servers use only HTTPS.

The solutions architect has already created a security group for the load balancer allowing port 443 from 0.0.0.0/0. Company policy requires that each resource has the least access required to still be able to perform its tasks.

Which additional configuration strategy should the solutions architect use to meet these requirements?

B. Create a network ACL for the web servers and allow port 443 from 0.0.0.0/0. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.

security group Question 15/19


A company has a web server running on an Amazon EC2 instance in a public subnet with an Elastic IP address. The default security group is assigned to the EC2 instance. The default network ACL has been modified to block all traffic. A solutions architect needs to make the web server accessible from everywhere on port 443.

Which combination of steps will accomplish this task? (Choose two.)

A. Create a security group with a rule to allow TCP port 443 from source 0.0.0.0/0.
B. Create a security group with a rule to allow TCP port 443 to destination 0.0.0.0/0.

security group Question 16/19



What should a solutions architect do to correct this issue?

A. Create security group rules using the instance ID as the source destination.

security group Question 17/19


A solutions architect is developing a multiple–subnet VPC architecture. The solution will consist of six subnets in two Availability Zones. The subnets are defined as public, private and dedicated for databases.

Only the Amazon EC2 instances running in the private subnets should be able to access a database.

Which solution meets these requirements?

C. Create a security group that allows ingress from the security group used by instances in the private subnets. Attach the security group to an Amazon RDS DB instance.

security group Question 18/19


The following are the key requirements:

The web servers must be accessible only to users on an SSL connection.
The database should be accessible to the web layer, which is created in a public subnet only.
All traffic to and from the IP range 182.20.0.0/16 subnet should be blocked.

Which combination of steps meets these requirements? (Select two.)

B. Create a database server security group with an inbound rule for MySQL port 3306 and specify the source as a web server security group.
D. Create a web server security group with an inbound rule for HTTPS port 443 traffic from anywhere (0.0.0.0/0). Create network ACL inbound and outbound deny rules for IP range 182.20.0.0/16.

security group Question 19/19


A solutions architect is creating a new VPC design. There are two public subnets for the load balancer, two private subnets for web servers, and two private subnets for MySQL. The web servers use only HTTPS. The solutions architect has already created a security group for the load balancer allowing port 443 from 0.0.0.0/0. Company policy requires that each resource has the least access required to still be able to perform its tasks.

Which additional configuration strategy should the solutions architect use to meet these requirements?

C. Create a security group for the web servers and allow port 443 from the load balancer. Create a security group for the MySQL servers and allow port 3306 from the web servers security group.

ECS

- 13 Questions

ECS Question 1/13


An eCommerce website is deploying its web application as Amazon Elastic Container Service (Amazon ECS) container instances behind an Application Load Balancer (ALB). During periods of high activity, the website slows down and availability is reduced.

A solutions architect uses Amazon CloudWatch alarms to receive notifications whenever there is an availability issue so they can scale out resources. Company management wants a solution that automatically responds to such events.

Which solution meets these requirements?

D. Set up AWS Auto Scaling to scale out the ECS service when the ALB target group CPU utilization is too high. Set up AWS Auto Scaling to scale out the ECS cluster when the CPU or memory reservation is too high.

ECS Question 2/13


An eCommerce website is deploying its web application as Amazon Elastic Container Service (Amazon ECS) container instances behind an Application Load Balancer (ALB). During periods of high activity, the website slows down and availability is reduced.

A solutions architect uses Amazon CloudWatch alarms to receive notifications whenever there is an availability issue so they can scale out resources. Company management wants a solution that automatically responds to such events.

Which solution meets these requirements?

A. Set up AWS Auto Scaling to scale out the ECS service when there are timeouts on the ALB. Set up AWS Auto Scaling to scale out the ECS cluster when the CPU or memory reservation is too high.

ECS Question 3/13


A company is building an application that consists of several microservices. The company has decided to use container technologies to deploy its software on AWS. The company needs a solution that minimizes the amount of ongoing effort for maintenance and scaling. The company cannot manage additional infrastructure.

Which combination of actions should a solutions architect take to meet these requirements? (Choose two.)

A. Deploy an Amazon Elastic Container Service (Amazon ECS) cluster.
B. Deploy the Kubernetes control plane on Amazon EC2 instances that span multiple Availability Zones.

ECS Question 4/13


A company is developing a new machine learning model solution in AWS. The models are developed as independent microservices that fetch about 1 GB of model data from Amazon S3 at startup and load the data into memory. Users access the models through an asynchronous API. Users can send a request or a batch of requests and specify where the result should be sent.

The company provides models to hundreds of users. The usage patterns for the models are irregular. Some models could be unused for days or weeks. Other models could receive batches of thousands of requests at a time.

Which solution meets these requirements?

D. The requests from the API are sent to the model's Amazon Simple Queue Service (Amazon SQS) queue. Models are deployed as Amazon Elastic Container Service (Amazon ECS) services reading from the queue. AWS Auto Scaling is enabled on Amazon ECS for both the cluster and copies of the service based on the queue size.

ECS Question 5/13


A company is developing a new machine learning model solution in AWS. The models are developed as independent microservices that fetch about 1 GB of model data from Amazon S3 at startup and load the data into memory. Users access the models through an asynchronous API. Users can send a request or a batch of requests and specify where the results should be sent.

The company provides models to hundreds of users. The usage patterns for the models are irregular. Some models could be unused for days or weeks. Other models could receive batches of thousands of requests at a time.

Which solution meets these requirements?

D. The requests from the API are sent to the model's Amazon Simple Queue Service (Amazon SQS) queue. Models are deployed as Amazon Elastic Container Service (Amazon ECS) services reading from the queue. AWS Auto Scaling is enabled on Amazon ECS for both the cluster and copies of the service based on the queue size.

ECS Question 6/13


A company is developing an eCommerce application that will consist of a load–balanced front end, a container–based application, and a relational database. A solutions architect needs to create a highly available solution that operates with as little manual intervention as possible.

Which solutions meet these requirements? (Select TWO.)

A. Create an Amazon RDS DB instance in Multi-AZ mode
D. Create an Amazon Elastic Container Service (Amazon ECS) cluster with a Fargate launch type to handle the dynamic application load
Relational database: RDS
Container-based applications: ECS. "Amazon ECS enables you to launch and stop your container-based applications by using simple API calls. You can also retrieve the state of your cluster from a centralized service and have access to many familiar Amazon EC2 features."
Little manual intervention: Fargate. You can run your tasks and services on a serverless infrastructure that is managed by AWS Fargate. Alternatively, for more control over your infrastructure, you can run your tasks and services on a cluster of Amazon EC2 instances that you manage.
References: Amazon Elastic Container Service > Developer Guide > What is Amazon Elastic Container Service?

ECS Question 7/13


A company wants to run its critical applications in containers to meet requirements for scalability and availability. The company prefers to focus on maintenance of the critical applications. The company does not want to be responsible for provisioning and managing the underlying infrastructure that runs the containerized workload.

What should a solutions architect do to meet these requirements?

C. Use Amazon Elastic Container Service (Amazon ECS) on AWS Fargate.

ECS Question 8/13


A company is running a multi–tier web application on–premises. The web application is containerized and runs on a number of Linux hosts connected to a PostgreSQL database that contains user records. The operational overhead of maintaining the infrastructure and capacity planning is limiting the company's growth. A solutions architect must improve the application's infrastructure.

Which combination of actions should the solutions architect take to accomplish this? (Select TWO.)

A. Migrate the PostgreSQL database to Amazon Aurora
E. Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS)

ECS Question 9/13


A company is building its web application using containers on AWS. The company requires three instances of the web application to run at all times. The application must be able to scale to meet increases in demand. Management is extremely sensitive to cost but agrees that the application should be highly available.

What should a solutions architect recommend?

D. Create an Amazon Elastic Container Service (Amazon ECS) cluster using the Amazon EC2 launch type with one container instance in two different Availability Zones. Create a task definition for the web application. Place two tasks on one container instance and one task on the remaining container instance.

ECS Question 10/13


A solutions architect is creating a data processing job that runs once daily and can take up to 2 hours to complete. If the job is interrupted, it has to restart from the beginning.

How should the solutions architect address this issue in the MOST cost–effective manner?

C. Use an Amazon Elastic Container Service (Amazon ECS) Fargate task triggered by an Amazon EventBridge (Amazon CloudWatch Events) scheduled event.

ECS Question 11/13


A company expects its user base to increase five times over one year. Its application is hosted in one region and uses an Amazon RDS for MySQL database, an Application Load Balancer, and Amazon Elastic Container Service (Amazon ECS) to host the website and its microservices.

Which design changes should a solutions architect recommend to support the expected growth? (Select TWO.)

A. Move static files from Amazon ECS to Amazon S3
E. Create RDS read replicas and change the application to use these replicas.

ECS Question 12/13


A company's near–real–time streaming application is running on AWS. As the data is ingested, a job runs on the data and takes 30 minutes to complete. The workload frequently experiences high latency due to large amounts of incoming data. A solutions architect needs to design a scalable and serverless solution to enhance performance.

Which combination of steps should the solutions architect take? (Choose two.)

A. Use Amazon Kinesis Data Firehose to ingest the data.
E. Use AWS Fargate with Amazon Elastic Container Service (Amazon ECS) to process the data.

ECS Question 13/13


A company that recently started using AWS establishes a Site–to–Site VPN between its on–premises datacenter and AWS. The company's security mandate states that traffic originating from on–premises should stay within the company's private IP space when communicating with an Amazon Elastic Container Service (Amazon ECS) cluster that is hosting a sample web application.

Which solution meets this requirement?

C. Create a Network Load Balancer in one VPC and an AWS PrivateLink endpoint for Amazon ECS in another VPC. Connect the two VPCs by using VPC peering.

AMI

- 6 Questions

AMI Question 1/6


A solutions architect is designing the cloud architecture for a new application being deployed on AWS. The process should run in parallel while adding and removing application nodes as needed based on the number of jobs to be processed. The processor application is stateless. The solutions architect must ensure that the application is loosely coupled and the job items are durably stored.

Which design should the solutions architect use?

C. Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch template that uses the AMI. Create an Auto Scaling group using the launch template. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue.
Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message oriented middleware, and empowers developers to focus on differentiating work. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available. Get started with SQS in minutes using the AWS console, Command Line Interface or SDK of your choice, and three simple commands.

SQS offers two types of message queues. Standard queues offer maximum throughput, best-effort ordering, and at-least-once delivery. SQS FIFO queues are designed to guarantee that messages are processed exactly once, in the exact order that they are sent.

Scaling Based on Amazon SQS

There are some scenarios where you might think about scaling in response to activity in an Amazon SQS queue. For example, suppose that you have a web app that lets users upload images and use them online. In this scenario, each image requires resizing and encoding before it can be published. The app runs on EC2 instances in an Auto Scaling group, and it's configured to handle your typical upload rates. Unhealthy instances are terminated and replaced to maintain current instance levels at all times. The app places the raw bitmap data of the images in an SQS queue for processing. It processes the images and then publishes the processed images where they can be viewed by users. The architecture for this scenario works well if the number of image uploads doesn't vary over time. But if the number of uploads changes over time, you might consider using dynamic scaling to scale the capacity of your Auto Scaling group.

In this case we need to find a durable and loosely coupled solution for storing jobs. Amazon SQS is ideal for this use case and can be configured to use dynamic scaling based on the number of jobs waiting in the queue. To configure this scaling you can use the backlog per instance metric with the target value being the acceptable backlog per instance to maintain. You can calculate these numbers as follows:

Backlog per instance: To calculate your backlog per instance, start with the ApproximateNumberOfMessages queue attribute to determine the length of the SQS queue (number of messages available for retrieval from the queue). Divide that number by the fleet's running capacity, which for an Auto Scaling group is the number of instances in the InService state, to get the backlog per instance.

Acceptable backlog per instance: To calculate your target value, first determine what your application can accept in terms of latency. Then, take the acceptable latency value and divide it by the average time that an EC2 instance takes to process a message.

This solution will scale EC2 instances using Auto Scaling based on the number of jobs waiting in the SQS queue.

CORRECT: "Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon EC2 Auto Scaling group for the compute application. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue" is the correct answer.

INCORRECT: "Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon EC2 Auto Scaling group for the compute application. Set the scaling policy for the Auto Scaling group to add and remove nodes based on network usage" is incorrect as scaling on network usage does not relate to the number of jobs waiting to be processed.

INCORRECT: "Create an Amazon SNS topic to send the jobs that need to be processed. Create an Amazon EC2 Auto Scaling group for the compute application. Set the scaling policy for the Auto Scaling group to add and remove nodes based on CPU usage" is incorrect. Amazon SNS is a notification service so it delivers notifications to subscribers. It does store data durably but is less suitable than SQS for this use case. Scaling on CPU usage is not the best solution as it does not relate to the number of jobs waiting to be processed.

INCORRECT: "Create an Amazon SNS topic to send the jobs that need to be processed. Create an Amazon EC2 Auto Scaling group for the compute application. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of messages published to the SNS topic" is incorrect. Amazon SNS is a notification service so it delivers notifications to subscribers. It does store data durably but is less suitable than SQS for this use case. Scaling on the number of notifications in SNS is not possible.

References: Amazon EC2 Auto Scaling > User Guide > Scaling based on Amazon SQS

AMI Question 2/6


A company has a three–tier, stateless web application. The company's web and application tiers run on Amazon EC2 instances in an Auto Scaling group with an Amazon Elastic Block Store (Amazon EBS) root volume, and the database tier runs on Amazon RDS for PostgreSQL.

The company's recovery point objective (RPO) is 2 hours.

What should a solutions architect recommend to enable backups for this environment?

D. Retain the latest Amazon Machine Images (AMIs) of the web and application tiers. Configure daily Amazon RDS snapshots and use point-in-time recovery to meet the RPO.

AMI Question 3/6


A development team stores its Amazon RDS MySQL DB instance user name and password credentials in a configuration file. The configuration file is stored as plaintext on the root device volume of the team's Amazon EC2 instance. When the team's application needs to reach the database, it reads the file and loads the credentials into the code. The team has modified the permissions of the configuration file so that only the application can read its content. A solutions architect must design a more secure solution.

What should the solutions architect do to meet this requirement?

D. Move the configuration file to an EC2 instance store, and create an Amazon Machine Image (AMI) of the instance. Launch new instances from this AMI.

AMI Question 4/6


A company has an application that is hosted on Amazon EC2 instances in two private subnets. A solutions architect must make the application available on the public internet with the least amount of administrative effort.

What should the solutions architect recommend?

C. Create an Amazon Machine Image (AMI) of the instances in the private subnet and restore in the public subnet. Create a load balancer and associate two public subnets from the same Availability Zones as the public instances.

AMI Question 5/6


A company has an application that posts messages to Amazon SQS. Another application polls the queue and processes the messages in an I/O–intensive operation. The company has a service level agreement (SLA) that specifies the maximum amount of time that can elapse between receiving the messages and responding to the users. Due to an increase in the number of messages, the company has difficulty meeting its SLA consistently.

What should a solutions architect do to help improve the application's processing time and ensure it can handle the load at any level?

D. Create an Amazon Machine Image (AMI) from the instance used for processing. Create an Auto Scaling group using this image in its launch configuration. Configure the group with a target tracking policy based on the age of the oldest message in the SQS queue.

AMI Question 6/6


A company's application is running on Amazon EC2 instances in a single Region. In the event of a disaster, a solutions architect needs to ensure that the resources can also be deployed to a second Region.

Which combination of actions should the solutions architect take to accomplish this? (Choose two.)

B. Launch a new EC2 instance from an Amazon Machine Image (AMI) in a new Region.
D. Copy an Amazon Machine Image (AMI) of an EC2 instance and specify a different Region for the destination.
Cross Region EC2 AMI Copy

We know that you want to build applications that span AWS Regions and we're working to provide you with the services and features needed to do so. We started out by launching the EBS Snapshot Copy feature late last year. This feature gave you the ability to copy a snapshot from Region to Region with just a couple of clicks. In addition, last month we made a significant reduction (26% to 83%) in the cost of transferring data between AWS Regions, making it less expensive to operate in more than one AWS region.

Today we are introducing a new feature: Amazon Machine Image (AMI) Copy. AMI Copy enables you to easily copy your Amazon Machine Images between AWS Regions. AMI Copy helps enable several key scenarios including:

- Simple and Consistent Multi-Region Deployment – You can copy an AMI from one region to another, enabling you to easily launch consistent instances based on the same AMI into different regions.
- Scalability – You can more easily design and build world-scale applications that meet the needs of your users, regardless of their location.
- Performance – You can increase performance by distributing your application and locating critical components of your application in closer proximity to your users. You can also take advantage of region specific features such as instance types or other AWS services.
- Even Higher Availability – You can design and deploy applications across AWS regions, to increase availability.

Once the new AMI is in an Available state the copy is complete.